Invicti Security launches its annual Spring AppSec Indicator Report
April 2023 by Invicti Security™
Invicti Security™ released the findings of its annual Spring AppSec Indicator Report. As a pioneer in dynamic application security testing (DAST), interactive application security testing (IAST), and software composition analysis (SCA), Invicti Security commissioned the report to assess the impact and prevalence of modern web vulnerabilities. }=

The Spring AppSec Indicator Report examines data from over 1.7 million scans and 1,700 Invicti customers and shares insights and trends to guide best practices in vulnerability identification and remediation. Highlights include:
● Scanning is steadily increasing, up 50% from 2019 to 2022, as customers are scanning their web applications and APIs more often.
● Percentage of scans with a severe vulnerability declined 19% year over year. After steady increases in prior years, the percentage of scans with severe vulnerabilities declined 19% from 2021 to 2022.
● Remote code execution (RCE) vulnerabilities show a significant increase, with the average percentage of apps with RCE flaws up 40% since last year.
● Percentage of scans with severe cross-site scripting (XSS) vulnerabilities continues to decline, dropping 12% from 2021 to 2022.
“This spring’s AppSec Indicator Report unveiled a key trend: Organizations are scanning a greater portion of their attack surface for vulnerabilities, and scanning them more frequently,” said Invicti’s Chief Product Officer, Sonali Shah. “By automating testing of their web applications and APIs in development and in production and quickly remediating issues found, companies are reducing the risk of a data breach. Continuous security testing is an indispensable feature of a successful AppSec program.”