Penta Security Releases Major Web Attack Trends Report for 2020Penta Security Releases Major Web Attack Trends Report for 2020
Penta Security released its annual Web Application Threat Trend (WATT) report based on real web application threat data collected and analyzed by Penta Security (WAPPLES) and Cloudbric, the cloud-based security solutions provider dedicated to providing customized and simplified WAF solutions. The resulting WATT Report for the first half of 2020 is a useful tool for enterprises to protect data effectively, particularly following the disruption of operations due to the COVID-19 pandemic.
The report identifies web attack patterns through the latest attack trend analysis and aims to reflect predicted results to WAPPLES and Cloudbric operations, leading WAF providers in the APAC region. Through this report, the companies were able to gain statistical information on major web attacks and an annual increase in extension filtering attacks and SQL injection attacks based on the detection rules of WAPPLES and Cloudbric solutions.
Notable findings from this WATT report include the following:
Most Frequently Detected WAPPLES Rules
The top 5 attacks detected by Penta Security’s web application firewall WAPPLES and Cloudbric were extension filtering, request header filtering, SQL injection, error handling, and URL access control.
Detection Figures of OWASP Top 10
The top 10 web attack types selected by OWASP based on the detection log data were analyzed thoroughly by Penta Security and Cloudbric. The result shows that web applications with confidential information are used much more frequently in organizations, making them even more vulnerable to threats.
Origin of Attacks by Region & Industry
The highest number of web attacks occurred in Asia, followed by Europe, America, Africa, and Oceania. Distribution and manufacturing industries saw the highest number of web attacks, followed by broadcasting and communication, education, public sectors, and shopping malls. Attacks were mainly targeted at companies where in-house employees hold a substantial amount of confidential information.
Objectives & Distribution of Attacks
The main objectives were information leakage and vulnerability scanning, as the frequency of personal information targeted attacks have been increasing dramatically.