2024 State of Web Application Security Testing

This research report examines the current state of web application security testing and the challenges organizations face in improving testing and remediation effectiveness. The report is based on a survey of 349 security professionals from the UK and US, focusing on their experiences with vulnerability scanning and web application security testing. Key findings reveal that organizations are managing hundreds of web applications, with many experiencing significant security incidents weekly. Despite frequent updates to web applications, testing is often infrequent, leaving substantial portions of the attack surface untested. The report highlights that over 50% of respondents struggle to remediate vulnerabilities identified during testing. Additionally, many organizations lack formal processes for testing web applications in production, which contributes to security risks. The report also discusses the increasing interest in automation within web application security testing workflows as organizations seek to enhance efficiency and continuous testing capabilities.