《Black Duck：2024年软件漏洞洞察报告：基于20万次web应用安全扫描数据（英文版）（20页）.pdf》由会员分享，可在线阅读，更多相关《Black Duck：2024年软件漏洞洞察报告：基于20万次web应用安全扫描数据（英文版）（20页）.pdf（20页珍藏版）》请在三个皮匠报告上搜索。

1、2024 Software Vulnerability Snapshot Insights into Critical Vulnerabilities from over 200,000 Application Security Scans by Black Duck BlackD|2Table of contentsExecutive Summary.1About Black Duck .1Key Findings.1Potential Business Impact Suggested by the Data.3Recommendations.4Industry Sectors Repre

2、sented in This Report.5Fundamentals of Dynamic Application Security Testing.6Key Characteristics of DAST.6DAST in the Modern Security Landscape.6DAST and Other Testing Methodologies.6DAST in Preproduction and Production.7Vulnerability Landscape Analysis.8Top 10 Vulnerability Classes Identified.8Crit

3、ical-Risk and Urgent Vulnerabilities.10OWASP Top 10 Category Analysis.11Industry-Specific Vulnerability Trends.12The Interplay of DAST,SAST,and SCA.15Comparative Strengths in Detecting Specific Vulnerabilities.15Synergies Between Testing Methodologies.16Conclusion.17BlackD|1Executive SummaryThis rep

4、ort analyzes data from over 200,000 dynamic application security testing(DAST)scans conducted by Black Duck on approximately 1,300 applications across 19 industry sectors from June 2023 to June 2024.The findings provide insights into the current state of security for web-based applications and syste

5、ms,and the potential impact of security vulnerabilities on business operations in high-risk sectors such as Finance,Insurance,and Healthcare.The report also examines how DAST offers a crucial complement to other security testing methods,such as static application security testing(SAST)and software c

6、omposition analysis(SCA),and provides a unique perspective on application security by mimicking real-world attack scenarios.Key FindingsThe Vulnerability LandscapeA total 96,917 vulnerabilities were identified in scans conducted 202324.These are the top critical-risk vulnerabilities identified.Crypt