Infosec Institute -
Each year, Cobalt releases its State of Pentesting report, which extracts trends and statistics about the state of security from penetration testing engagements on its platform. This year’s report is based on an analysis of 1,602 pentests performed in 2021 and survey results from 601 companies that are not all Cobalt customers. Of these 1,602 pentests, nearly three-quarters of companies sought Cobalt’s services for pentests of their web applications or web APIs. As a result, the vulnerabilities and remediation recommendations outlined in Cobalt’s report skewed heavily towards web apps and APIs.
Analysis of 1,602 pentest engagements provides Cobalt with deep visibility into the vulnerabilities and security issues its customers are struggling with. Based on its analysis, Cobalt was able to identify the most common vulnerabilities and pentest findings in 2021 and break down results by asset and industry.
Top five most common vulnerabilities
Cobalt has been publishing a list of the five most common vulnerabilities in its State of Pentesting Reports since 2018. The 2021 report’s list includes:
Server Security Misconfigurations (28.1%) Cross-Site Scripting (15.5%) Broken Access Control (14.7%) Sensitive Data Exposure (8.4%) Authentication and Sessions (8%)
For those familiar with the report, this list