The PenTest Intelligence Report aims to help the broader cybersecurity community.
NEW YORK, June 28, 2022 /PRNewswire/ -- BreachLock, a unified Penetration Testing as a Service (PTaaS) platform that caters to enterprise penetration testing needs, is releasing the maiden version of its "Annual Penetration Testing Intelligence Report, 2022".
BreachLock has been helping clients with Penetration Testing as a Service since 2019 and delivers its services using a SaaS platform. An unseen perk of using a SaaS-based delivery model is the collection of data points in an aggregated and anonymized manner from various Penetration Tests that feed into BreachLock's AI (Artificial Intelligence) platform to derive intelligence that is leveraged to create additional value for its clients.
Some of the interesting findings from the report:
- Over 30% of the Critical vulnerabilities and over 50% of the High vulnerabilities in web applications stem from a lack of input sanitization and allow-listing. Filtering and sanitizing user input and files can fix most of these findings.
- Over 18% of findings are still related to HSTS (HTTP Strict Transport Security), even though it has been more than 10 years since HTTPS became a de facto standard for communication over the web.
- Organizations remediate vulnerabilities and findings over 20% faster in external infrastructure than in internal infrastructure.
- Hard-coded credentials such as API (Application Programming Interface) keys are mostly found among other high and critical findings during Mobile App PenTesting.
"Today I feel extremely proud of my team to share the intelligence and conclusions that we have captured in the past 3.5 years. This is our way of paying it forward to the CISO (Chief Information Security Officers) and security community at large," said Seemant Sehgal, CEO & Founder of BreachLock.
"The use of AI and Automation with Human PenTesters is not only helping clients receive 'Fast & Comprehensive PenTest at Scale', but also helps BreachLock attract the best Penetration Testing talent in the market. The in-house Penetration Testers no longer have to do monotonous tasks like drafting reports, taking screenshots, performing scanning, etc. They can focus on doing what they are best at - finding creative ways of bypassing security controls and exploiting more challenging vulnerabilities," he further added.
BreachLock is the world's first Human-Augmented, AI-powered, SaaS-delivered PTaaS. The platform helps enterprise clients with Penetration Testing through the use of AI (Artificial Intelligence), automation, and in-house PenTesters. The SaaS platform enables integration across Security, IT, and Operations tools in the ecosystem to unify the workflow for operational effectiveness and efficiency.
To learn more about Penetration Testing as a Service (PTaaS), check our FAQ.