Based on user base metrics, the following data reveal the above trend:

    • Most attacks on web applications in the user base targeted security misconfigurations such as coding and implementation errors (30%) or code injection (21%), where an attacker injects a malicious block of code that the web app then interprets or executes. Other threats such as SQL injection and LDAP injection are also common.
    • The software supply chain for critical apps (including web apps) may also have vulnerabilities, as demonstrated by the Log4Shell vulnerability.
    • Bot attacks on web apps were also commonly detected in the 2023 user base, with 53% being used for volumetric Distributed Denial-of-Service attacks. These attacks used IoT devices and were based on brute-force techniques that flooded the target with data packets to use up bandwidth and resources. Such attacks were also used as cover for a more serious and targeted attack against the network.