Software Vulnerability Snapshot

A Three-Year Analysis of the 10 Most Common Web and Software Application Attacks

What’s Inside

To produce the “Software Vulnerability Snapshot” report, Synopsys Cybersecurity Research Center (CyRC) researchers and Synopsys Security Testing Services consultants used anonymized data from three years of tests conducted on commercial software systems and applications.

The Synopsys tests shed light on persistent vulnerabilities that remain significant challenges to web and software application security, especially the top vulnerabilities related to

  • Information disclosure/leakage and privacy
  • Misconfigurations
  • Insufficient transport layer protection

The tests also underscore the ongoing dangers posed by vulnerable third-party libraries and the need for robust software supply chain security in software development environments, where well over 90% of software contains open source.

Industries Represented

Sixteen industry verticals are represented in the report, including software and internet, financial services, insurance, business services, manufacturing, media and entertainment, and healthcare.

Tests Included

Application security (AppSec) tests performed include penetration testing, dynamic application security testing, and mobile application security testing—all designed to probe running applications the way a real-world hacker would.


