Web Applications Security Statistics Report


WhiteHat Security’s eleventh annual Web Applications Security Statistics Report was compiled using data collected from tens of thousands of websites, reveals that on average the majority of web applications exhibit two or more serious vulnerabilities per application for every industry at any given point in time.

The report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for security testing. The research shows that no industry has mastered application security, and of the 12 industries analyzed in this report, the information technology (IT), education, and retail industries suffer the highest number of critical or high-risk vulnerabilities per web application, at 17, 15 and 13 respectively.

The findings also highlight that the IT and retail industries struggle to remediate in a timely manner. It takes approximately 250 days for IT and 205 days for retail businesses to fix the software flaws. Additionally, highly regulated industries, such as financial services and healthcare, are not performing significantly better than the rest.


Download the report to learn:


  • Which industries declined, improved, or greatly improved their remediation rates
  • How many vulnerabilities are typically remediated and the average time to resolve
  • Why knowing your risk rating can help you prioritize which vulns to fix first
  • The 3 most common web application vulnerabilities