Pentest Report – Top 10 vulnerabilities in web applications

White Papers & Publications
04 May 2021

Our ethical hacking team has highlighted key statistics in an annual report based on pentests they performed on web applications in 2020.

In this first edition, we are pleased to share with you:

  • The top 10 vulnerabilities
  • The real value of penetration testing (scanner and human)
  • Our recommendations to improve the security of your web applications

An interesting read for Product Managers, Developers, CISOs, IT & Security teams.

Some key statistics about the vulnerabilities

  • 100% of pentested applications presented at least one vulnerability
  • 51.5% had at least one critical issue
  • 49% of detected flaws were due to security misconfigurations
  • 28% of all injection and broken access control issues are classed as critical

Why did organisations ask our ethical hackers to pentest their web applications?


Web applications are a target of choice for cyber-attacks. With digitalisation, more and more sensitive data is stored digitally and processed through these applications, and they have become a gold mine for hackers to exploit.

Automated scans can detect many issues but manual pentesting is the only way to assess your real risks. A human review can identify logical and content flaws that a scan simply can’t.

Whether to avoid a data breach affecting their customers or for business purposes (security expectations from clients), organisations want to assess the web applications they have developed so that the vulnerabilities can be identified and fixed (internally or externally).

That is why we focus our report on the web applications we pentested for our customers in 2020.


How can our ethical hacking team help you improve your security posture?

  1. We identify your vulnerabilities with automated scans and manual pentesting
  2. We provide an action plan (in a report) with short- and long-term recommendations to fix the detected vulnerabilities, taking their risk levels into account
  3. We support you in quickly addressing those vulnerabilities
  4. We raise security awareness across your organisation
  5. We can also coach and train your software developers to acquire the security mindset and reduce the mistakes made during the early stages of development.

Find out quickly where you are vulnerable with a pentest before hackers get the chance to exploit your weaknesses! Get in touch with our ethical hacking team to find the best option for you.
