Table of ContentsExecutive Summary 04The State of Application Security06The Threat Landscape07The Issue with Denial of Service09Conficting Outlooks10Why the Discrepancy11Impact of Attacks14Protecting Sensitive Data16Data Collection and Sharing Practices17Discovering Data Breaches18The Issue with APIs20Bots: Friend and Foe22Bot Traffc in the Network23Determining Real Users vs. Bots23The Issue with Web Scraping24Business Implications Are Signifcant24Securing Applications Across the Network Ecosystem26Application Protection Strategies27The Dynamic Application Environment28Cloud Provider Trust Factor29Summary and Recommendations30About the Research32About Radware32THE STATE OF WEB APPLICATION SECURITY| 3 To compete more effectively,companies are examining how bestto manage and secure applicationsand data. As the complexity ofcloud and on-premises networksincreases, new vulnerabilities areintroduced that leave applicationsopen to constant attacks.What is the current threat landscape like for multinationalorganizations How is exposure to application attacks affectinghow companies secure their networks against data breachesTo fnd out, Radware sought the opinions of senior executives andIT professionals responsible for network security at companieswith a global reach. What follows is a summary of current globalperceptions on the state of application attacks and insights onhow to best identify and mitigate threats in the future.4|THE STATE OF WEB APPLICATION SECURITY Applications run the world.Executive Summary From sophisticated e-commerce engines to cloud-basedproductivity solutions and personal tools on mobile phones,web applications power how things get done. Organizationsaround the globe rely on them for connections to customers,business partners, suppliers and staff.To better understand the challenges that organizations face to protect web applications, Radware commissioned a second annual global survey of senior executives and ITprofessionals at companies with worldwide operations. Thegoal of the survey was to fnd out how security breacheshave affected respondents’ organizations in the past 12months and the impact of application attacks on plans forcybersecurity protection measures. The results painted apicture of what is common to companies around the world,as well as in three regions: Asia-Pacifc (APAC), the Americas(AMER) and Europe/Middle East/Africa (EMEA). In general, organizations reported a contradictory combinationof inputs between the frequency and severity of attacks andconfdence in their abilities to manage the impact.While most respondents said that hackers wereable to access their networks, the vast majorityof respondents said that they were certain their organizations could keep up with the growing rate of application-layer attacks, eventhough many did not secure APIs or felt that their WAFs were not stopping all attacks. KEY FINDINGS: THE SURVEY REVEALED INSIGHTS IN FOUR KEY CATEGORIES: 1. The State of Application Security 2. Protecting Sensitive Data 3. The Emergence of Bot Trafc 4. Securing Applications Across the Network Ecosystem THE STATE OF APPLICATION SECURITY Threats to application security are a growing problem, butrespondents had conficting thoughts about the seriousnessof the threat landscape and their ability to manage it.More than 25% of organizations experienced attacks on adaily basis, with the majority experiencing attacks weekly.The most common types of application/web server attackswere encrypted web attacks and data security breaches. 70% of respondents reported attacks against their applicationsover IPv6, with one-third of the attacks targeting applicationprogramming interfaces (APIs).80% of respondents from APAC believed that they werevulnerable to hackers compared to about 60% in both AMERand EMEA.90% of respondents across all regions said that they wereconfdent that their organizations could keep up with thegrowing rate of application-layer attacks.About half of the organizations surveyed indicated that some of their customers asked for compensation or their ownreputations suffered because of application/web server attacks.Respondents said that data security breaches were the mostdifcult type of application attack to detect and mitigate. EXECUTIVE SUMMARY 。。。。。。