Penetration Tests in 2022: 94% of organizations use PT


The world of penetration testing has undergone an upheaval in recent years. From an unknown niche to a well-known technique, pen testing has become one of the most popular methods for strengthening organizations’ cyber security defenses around the world, with 94% of organizations that participated in CoreSecurity’s research admitting that penetration testing is important to their cyber security system to some extent.

What is a penetration test?

Penetration testing is a way to assess the security level of systems, applications, mobile services, and infrastructure. The penetration test begins with the mapping of the organization’s digital assets, including integration with third-party systems, user behavior, and the like. The purpose of the test is to locate weaknesses and vulnerabilities in organizational systems and deliver recommendations for repair. 

At the end of the process, the client receives a full report detailing every vulnerability found, its severity level, screenshots of the findings, and recommendations for repair.

For an in-depth read on all types of penetration testers, go to our full PT article.

Reasons for increase in PT popularity 

One of the main reasons for this phenomenon is remote work, which entered our lives after the coronavirus epidemic spread around the world and caused global lockdowns. Even now, after the decline of the coronavirus, many workplaces have adopted a hybrid work model. This is a constant concern for IT teams, because it is difficult to manage employees' home networks and the many devices connecting to the corporate network.

Another reason is the alarming increase in ransomware attacks. A study published this year by Sophos, a leading provider of EDR solutions, found that 66% of the organizations surveyed were affected by ransomware in 2021, up from 37% in 2020.

This reflects the growing success of the Ransomware-as-a-Service (RaaS) model, which significantly extends the reach of ransomware by reducing the level of skill required to deploy an attack. Under this model, users who purchase a subscription can use the ransomware tools for their own purposes, and those who invested in developing the software receive a percentage of each ransom paid. Like SaaS users, RaaS users do not need any knowledge or experience to take advantage of the tool's capabilities.

Phishing is still the leading reason for the success of ransomware attacks, with a 28% increase from Q1 2021 to Q4 2021, according to PhishLabs research.

Of the information security professionals who participated in CoreSecurity's 2022 survey, 75% answered that they perform penetration testing to comply with international cyber regulations, such as GDPR and ISO 27001, an increase of 5 percent from last year. International regulations require proof that an organization has strengthened its cyber security system around sensitive data such as credit cards, IDs, personal health records, and the like. That is why penetration tests are an excellent way not only to map cyber security weaknesses and fix them, but also to provide proof of compliance.

In addition, 75% of the participants said they use penetration tests as part of a risk survey process and an examination of their information security system to find weaknesses.

Environments Tested in Pen Tests

A study published by CoreSecurity found that Windows is the environment on which the most penetration tests were performed in 2022. Although there are few vulnerabilities in Windows, as Microsoft closely guards its flagship software, the main concern stems from its massive presence in almost every organization, which makes it a target.

Browser-based applications, such as websites and APIs, are in second place, with 67% of survey respondents having penetration tested the application environment. Browser-based applications inherently have many security vulnerabilities due to their exposure to the Internet, including vulnerabilities that allow SQL injection and XSS, as well as MITM and DDoS attacks.

Findings of Penetration Tests

VAADATA, a penetration testing company located in Europe, performed an analysis of its customers in 2021 and noticed that 29% of penetration tests found a critical weakness, and 44% of tests found more than one important weakness.

In each penetration test, VAADATA found on average:

  • 0.7 Critical findings
  • 1.3 Important findings
  • 1.5 Findings of medium severity level
  • 2.9 Findings of low severity
  • 0.7 Findings at the level of information gathering

Across all the findings in the penetration tests performed by VAADATA, about 11% were critical and required immediate correction.

The most frequent findings were:

  • XSS weaknesses – An XSS attack is the injection of code into form fields of websites and applications, for example a registration form, a login form, a contact form, or a search box.
  • Misconfiguration that allows privilege escalation, giving access to restricted areas.
  • Lack of mechanisms to limit requests – this weakness can be exploited by hackers to carry out brute-force and DDoS attacks.

To access CoreSecurity’s full research click here
