[Analyst Report] 2021 Software Vulnerability Trends | Synopsys

2021 Software Vulnerability Snapshot
Issues plaguing web and mobile apps and the AppSec tools and activities that minimize risks

What’s Inside 

The Synopsys Cybersecurity Research Center (CyRC) examined data from thousands of commercial software security tests performed in 2020. The CyRC team measured this data against the 2021 OWASP Top 10 list of the most critical security risks to web applications.

Download the report to learn which vulnerabilities—such as cross-site scripting, remote code execution, and SQL injection—were most common in commercial software, and why relying solely on automated tests can leave organizations at risk of cyberattacks and data breaches.

 

Industries Represented

Industry verticals represented in the report include software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.

Tests Included

Application security (AppSec) tests performed include penetration testing, dynamic application security testing (DAST), and mobile application security analyses—all designed to probe running applications the way a real-world hacker would.

Key Findings

The report makes it clear why a full spectrum of AppSec testing is essential to managing software risk. While “transparent box” tools such as static application security testing (SAST) can shed light on security issues early in the software development life cycle, SAST cannot uncover runtime security vulnerabilities. Likewise, several vulnerabilities cannot be detected by automated tools and need human oversight to uncover.

An Analysis by Synopsys Application Security Testing Services

The Synopsys Cybersecurity Research Center (CyRC) examined anonymized data from thousands of commercial software security tests performed by Synopsys application security testing services in 2020. The CyRC team measured this data against the 2021 OWASP Top 10 list of the most critical security risks to web applications. 

Out of 3,900 tests run by CyRC:

  • 97% revealed vulnerabilities
  • 36% revealed high or critical severity vulnerabilities
  • 76% of vulnerabilities fell into an OWASP Top 10 category
