Skip to main content
HomeTopicsApplication Security

Application Security

We've curated 113 cybersecurity statistics about Application security to help you understand how safeguarding software from vulnerabilities and attacks is evolving in 2025. This includes best practices, emerging threats, and essential technologies to secure your applications effectively.

Showing 21-40 of 113 results

More than 50% of CISOs at enterprises agree that business users are building applications that support business-critical processes.

Nokod5/27/2026
Business ContinuityEnterprise Operations

Popular tools for managing unstructured data include data encryption (62%), cloud security (60%), application security (59%), and identity and access management (56%).

Cloud Security Alliance (CSA) and Thales5/27/2026
Data SecurityCloud Security

The United States accounted for 23% of application-layer DDoS attack representation.

Gcore5/27/2026
DDoSUS

After prioritization, the average organization manages 795 critical findings, up from 202 the prior year (nearly quadrupling).

OX Security5/27/2026
Critical FindingsPrioritization

High Business Priority is the most frequent risk-elevating factor at 27.76%, followed by PII Processing at 22.08% and CVSS High Severity at 20.55%.

OX Security5/27/2026
Vulnerability Scoring

Average raw alerts per organization are 865,398, a 52% increase from 569,354.

OX Security5/27/2026
Raw Alerts

Critical findings constitute 0.092% of raw findings, up from 0.035%.

OX Security5/27/2026
Critical Findings

Nearly one-third of organizations expose valid secrets in code.

Orca Security5/27/2026
Secrets ManagementSecrets Exposure

64% of application-layer DDoS attacks exceed 10 minutes.

Gcore5/27/2026
DDoS

Of three leading coding agents evaluated (Claude, Codex, and Gemini), Codex finishes with the fewest vulnerabilities and demonstrates stronger remediation behavior during development.

DryRun Security5/27/2026
Vulnerability RemediationAI Development

143 security issues are identified across 38 security scans.

DryRun Security5/27/2026
Security ScanningVulnerabilities

26 of 30 pull requests (87%) introduce at least one vulnerability.

DryRun Security5/27/2026
VulnerabilitiesAI Development

Anthropic's Claude produced the highest number of unresolved high-severity vulnerabilities in the final applications.

DryRun Security5/27/2026
High-Severity VulnerabilitiesAI Development

No AI coding agent evaluated (Claude, Codex, and Gemini) produced a fully secure application.

DryRun Security5/27/2026
AI DevelopmentCoding Agents

Four authentication-related weaknesses appeared in every final codebase: insecure JWT verification and management; lack of application-level brute force protections; exposure to token replay attacks; and insecure defaults for refresh token cookie configurations.

DryRun Security5/27/2026
AuthenticationCoding Agents

50% of organizations rank secrets management among their top application security challenges.

Thales5/27/2026
Secrets ManagementIdentity Management

Attacks that begin with exploitation of public-facing applications increased by 44%, largely driven by missing authentication controls and AI-enabled vulnerability discovery.

IBM5/27/2026
Vulnerability ManagementPublic-Facing Applications

More than half of developers are uncertain how to properly secure AI-written mobile applications.

Guardsquare2/22/2026
AIAI-Written Mobile Apps

62% of security professionals are blind to shadow or undocumented APIs.

Rein Security2/22/2026
APIsShadow APIs

88% of CISOs and AppSec executives are willing to replace API security solutions.

Rein Security2/22/2026
API Security