SEOUL, South Korea, Nov. 10, 2015 /PRNewswire/ – Penta Security Systems Inc., a leading South Korean information security company, today announced the release of its annual Web Application Threat Report. The report is based on customer data logs of its enterprise-level web application firewall (WAF) WAPPLES, as well as its cloud-based WAF service Cloudbric.
For the first half of 2015, Penta Security reported a total of 2.4 billion web application attacks based on the Open Web Application Security Project (OWASP) Top 10 web risks. Penta Security determined that Sensitive Data Exposure was the most prevalent OWASP web risk with a 29.9% occurrence. This indicates that the majority of web attacks were focused on exposing website vulnerabilities. OWASP considers the impact of Sensitive Data Exposure as 'severe' due to prospective attackers' ability to access or modify confidential user information while businesses are still legally liable for damages.
Penta Security also discovered that 48.3% of attacks were motivated by web server vulnerability scanning, which also led to subsequent secondary and tertiary attacks. When analyzing web attack trends for the first half of 2015, Penta Security reported a large shift in attack methods towards more discreet and difficult-to-trace attacks in order to exploit sensitive data. For instance, the most frequent attacks used in the second half of 2014 were injection attacks, which can noticeably compromise a victim's web server and require immediate resolution. However, in the first half of 2015, injection attacks decreased by 74% and were replaced by two separate attacks centered on accessing web server settings files and sending abnormal HTTP requests.
Penta Security categorizes these attacks under its WAPPLES detection rules known as 'Extension Filtering' and 'Request Header Filtering'. More specifically, Penta Security was able to deny access to 605,976,612 attacks listed under Extension Filtering and 120,760,619 attacks listed under Request Header Filtering, respectively. Successful exposure of web server vulnerabilities can lead to short-term impacts, such as website vandalism or web server operation disruption. In the long term, these attacks can lead to the loss of authorization privileges for sensitive information, such as personal credit card information or private health records.
"Small and medium businesses are especially susceptible to Extension Filtering and Request Header Filtering categorized attacks since they are not outwardly visible or easily detectable attacks, thus, are more inherently dangerous. Website owners and businesses might not even know they are slowly being attacked," said Duk Soo Kim, the CTO of Penta Security Systems and Cloudbric.
This report is a complete and detailed overview of customer vulnerability statistics ranging across both large enterprises and small and medium businesses. All participating websites consented to the gathering and dissemination of malicious traffic data during this particular study period (January 1 to June 30), and no additional customer information was collected.
Penta Security Systems specializes in comprehensive cyber security services for large enterprises, as well as affordable enterprise-level security for SMBs with its cloud-based WAF service Cloudbric. With over 18 years of cyber security expertise, Penta Security Systems has helped protect 117,000 websites, as well as block more than 108,000,000 web attacks per month. Penta Security Systems is the leading cyber security partner for a more safe and trusted online society.
For more information about Penta Security Systems' web application security, as well as its cloud-based services, please visit www.pentasecurity.com/en and www.cloudbric.com or contact Cloudbric at [email protected].
SOURCE Penta Security Systems