We research the web security of 5.000 major German companies from different industries. 7,5% of companies have at least one critical vulnerability on the production site, and all of them have some vulnerabilities.
Crashtest Security, the leading German provider of web application security, set itself the goal of increasing cyber security in Germany and making companies more resilient to attacks from the web. They needed a measurement basis for this goal and decided to use the online presence of 5,353 companies listed in German industry associations.
Only publicly available information from the company websites was examined. This information can be viewed and possibly exploited by all web users. The analyzed attack scenarios include SSL and TLS encryption analyses, fingerprinting for frameworks used, and scans for open ports.