tCell Finds Web Application Attack to Breach Ratio Still High With Cross-Site Scripting (XSS) and SQL Injection the Most Common


New application security report on Q2 2018 threats evaluated more than 300 million incidents to determine the most prevalent types of real-world attacks in cloud-based web applications

PR Newswire

SAN FRANCISCO, Aug. 22, 2018 /PRNewswire/ -- tCell, the leading provider of web application threat defense and monitoring, today released the Security Report for Web Applications (Q2 2018) which identified key threats in real-world web application traffic in the Amazon Web Services (AWS) and Azure cloud ecosystems. In evaluating 316 million incidents, it is clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major threat to business.

The majority of web application attacks are the result of overall scanning for vulnerabilities; however, many others are real attempts to compromise a particular target. Last year, tCell reported that the attack to breach ratio for web applications is 1,200 to 1. This report confirms that ratio is still in effect and identified five confirmed cross-site scripting (XSS) breaches. Web application attacks are noisy because hackers are using automated attacks to probe web applications for weak spots. The findings showed that 47 percent of companies were targeted by automated attacks.

"Real world web apps are under constant attack. For security operations teams, finding the successful attack amidst all the noise is like finding a needle in a haystack of needles," said Michael Feiertag, CEO of tCell. "Improving visibility and reducing the resource strain that these attacks put on the system are the reasons why companies are deploying runtime application self-protection technology."

tCell found that XSS, SQL injection, automated threats, file path traversals and command injection were the most common types of security attacks. These differ from the 2017 OWASP (Open Web Application Security Project) Top 10 list of web application threats and security flaws. The main reason for this difference is that tCell protects applications in production that reside in the AWS, Azure and Google cloud environments. This provides a unique perspective on application security in production and the nature of the attacks themselves.

In looking at Common Vulnerabilities and Exposures (CVEs), tCell found that 90 percent of active applications use libraries with a known CVE -- 30 percent used a library with a critical CVE. Patching a critical CVE took an average of 34 days, only four days faster than the average time to patch overall regardless of severity. This demonstrates an overall improvement in time to remediation, which previously could take weeks to months, and the ability of organizations to track the business criticality of the application, understand the severity of the vulnerability and prioritize production security issues.

As interconnectivity of businesses and applications grows, the attack surface area is also growing through the use of APIs. tCell found that this represents a critical blind spot to security and operations teams. On average, each application had 2,900 orphaned routes or exposed API endpoints without a current business function. In fact, 92 percent of all routes and API endpoints are orphaned.

tCell protects web applications at runtime by installing an agent on the application server and browser. When looking at browser-based attacks such as XSS, clickjacking and cryptomining, 0.31 percent of users' browsers were infected with malware. To protect systems from cryptomining and the resulting drain on computing resources, it is essential to block the initial attack. Eliminating the ability to land an XSS attack dramatically decreases the likelihood of a successful cryptomining attempt.

"The frequency of web application threats makes it difficult for organizations to keep their web application firewalls running effectively and impacts their ability to implement updates to security systems," added Feiertag. "The rapid growth of DevOps, containerization, microservices and cloud deployments has made it more essential to secure apps in production, yet simultaneously more difficult to do so. It is imperative that secure coding practices become a critical part of the larger landscape in order to stop vulnerabilities at the source, but even more important is the ability to protect these applications once they have moved out of the testing environment and into production."

The data and analysis in the tCell Q2 2018 Security Report for Web Applications highlight new areas of risk and quantify threats, vulnerabilities and security incidents. The goal is to provide security and DevOps teams with information and visibility into security breaches that impact and occur within applications so they can better protect their business operations. The full report is available for download here:

Built with DevOps in mind, tCell's next-gen cloud WAF is the only application security solution that delivers continuous protection of applications and API services from real attacks across any infrastructure. By leveraging its unique runtime application self-protection (RASP) technology and cloud analytics, it protects the application on multiple levels from the client-side browser to the web and app server allowing for flexible deployment options.

About tCell
tCell is a next-generation web app firewall for the cloud designed to overcome the limitations of traditional Web Application Firewalls. tCell's technology provides unparalleled visibility into application behavior, dramatically reducing false positives, protecting applications from attacks and providing actionable data to prevent future attacks. tCell's adaptive deployment models enable Security and DevOps organizations to deploy industry-leading security alongside mission-critical applications. tCell's customers include companies like Veeva Systems, Zenefits, and John Muir Health. More information can be found at  

