Cross-site scripting, or XSS, grabs the dubious distinction of the most popular attack vector in 2019. This made up nearly 40 per cent of all attacks logged by security researchers, who also noted that almost 75 per cent of large companies across Europe and North America had been targeted over the last year.
According to the PreciseSecurity.com research, SQL injection came second, followed by fuzzing. The researchers also found that 72.3 per cent of all cyber-attacks specifically targeted websites, with APIs coming in a very poor second at a mere 6.99 per cent.
Simon Roe, product manager at Outpost24, said that the preference for targeting websites was highly likely to continue into 2020.
"Websites will continue to be hacked. Some of them will result in big hefty GDPR related fines. Many of these will likely be through third-party components. Magecart will continue to feature highly in the successful hacks that impact organisations financial data."
Despite the adoption of Shift left and Dev(Sec)Ops, web breaches will continue to be one of the largest reasons attacks are successful, he noted.
"This will be especially true as organisations continue to developer applications quickly to meet ever changing market demands. Sadly, the OWASP top 10 is still fairly static in the top issues, and despite training and education available to help developers improve secure coding we will still see the same kinds of issues across many applications"
Read the full article by Simon Roe, product manager at Outpost24 here: