Common Vulnerabilities and Exposures (aka CVEs) in containers, at least according to the interviews conducted for this study, are a pain (in the vuln). Chainguard conducted ten interviews with software professionals at a range of companies that build or operate containers. The interview questions dealt with the processes and workflows that these professionals use to identify, triage, and remediate CVEs in containers. Many of the questions either involved a request for a time estimate of each step of the process or probed the “why” behind the process or workflow.

In this edition of the State of the Internet/Security (SOTI) report, we continue to research the array of attacks observed in web applications and API, their impacts on the organization, and how vulnerabilities figure in the API landscape. Our goal is to illustrate the dangers posed by the web application and API attacks, with recommendations on how to successfully defend your network against such attacks.

In this latest State of the Internet/Security (SOTI) report, we examine various attack types that commerce organizations and their customers face. We explore our multitude of datasets in areas such as web applications, bots, phishing, and usage of third-party scripts, to get a “pulse” of what’s happening in this sector and help cybersecurity leaders and practitioners understand some of the threat trends impacting the commerce industry. Akamai sees an enormous number of attacks across all our security tools, so we can share the shifts we see in malware attacks, customer impacts, regulatory requirements, and emerging threats.

In our bi-annual AppSec Indicator report, we uncover insights and trends to guide best practices in vulnerability identification and remediation. For this year’s Spring edition of the Invicti AppSec Indicator, we analyzed data from 1.7 million scans conducted by the 1,700 customers that use our cloud dynamic application security testing (DAST) offering, representing approximately half of our entire customer base.

This report aims to demonstrate the state of full stack security based on thousands of full stack assessments globally, delivered by the Edgescan SaaS during 2019. This report is still a joy to do as it gives decent insight into what’s going on from a trends and statistics perspective and overall state of cyber security. This report provides a glimpse of a global snapshot across dozens of industry verticals how to prioritize on what is important, as not all vulnerabilities are equal.

In this edition, we look at the attacks and trends in the gaming industry during 2020. It was a volatile year, and we’re not just speaking about the pandemic. Web attacks targeting the gaming industry were up 340% year over year between 2019 and 2020, and credentials stuffing attacks were up 224%. Strangely enough, DDoS attacks against the gaming industry fell by nearly 20% during the same period.

This SOTI report looks at current state of online gaming. it also examines the most pervasive threats coming from online criminals. Ans to fully explore the topic of attacks on gaming, we dig deeper into the data around web application and API attacks, Distributed Denial of Service (DDoS) trends, the overarching goals of attackers, and more. This report also explored the threat landscape that has grown out of the pandemic in the gaming industry and the impact of cyberattacks on gaming companies.

A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

A review of the threat volume and characteristics affecting e-commerce.

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given.

A review of web application vulnerabilities as seen through Acuentix’s web scans between March 2019 and February 2020.

Using Akamai’s global visibility and content delivery networks, this report covers the security threats present in the gaming industry. An exploration of how gamers are a growing lucrative target for criminals, including methods, geography, and recommendations.

A report from aggregate telemetry on Contrast Security customers’ applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes.

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

The fifth edition of Edgescan’s vulnerability statistics report. Uses both scan data and survey data to report on vulnerability management, with a special focus on web application vulnerabilities.

Akamai’s annual overview of security traffic trends for 2019.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

This report outlines the state of open source security, including open source adoption, known vulnerabilities, and vulnerability identification.

From the report, “From January 2018 through June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks. In this special edition of the State of the Internet / Security Report, we’re focusing on data within the high tech, video media, and entertainment sectors — collectively named Media & Technology.”

This installment of State of the Internet / Security examines credential stuffing and web application attack trends over the last 17 months, with a focus on the gaming industry. One reason gaming is so lucrative is the trend of adding easily commoditized items for gamers to consume, such as cosmetic enhancements, special weapons, or other related items. Gamers are also a niche demographic known for spending money, so their financial status makes them tempting targets. We began collecting credential abuse data at the beginning of November 2017 and chose to use the same period with our application attack data to make direct comparisons between plots easier for readers.