Application Security
We've curated 113 cybersecurity statistics about Application security to help you understand how safeguarding software from vulnerabilities and attacks is evolving in 2025. This includes best practices, emerging threats, and essential technologies to secure your applications effectively.
Related Topics
Showing 21-40 of 113 results
More than 50% of CISOs at enterprises agree that business users are building applications that support business-critical processes.
Popular tools for managing unstructured data include data encryption (62%), cloud security (60%), application security (59%), and identity and access management (56%).
The United States accounted for 23% of application-layer DDoS attack representation.
After prioritization, the average organization manages 795 critical findings, up from 202 the prior year (nearly quadrupling).
High Business Priority is the most frequent risk-elevating factor at 27.76%, followed by PII Processing at 22.08% and CVSS High Severity at 20.55%.
Average raw alerts per organization are 865,398, a 52% increase from 569,354.
Critical findings constitute 0.092% of raw findings, up from 0.035%.
Nearly one-third of organizations expose valid secrets in code.
64% of application-layer DDoS attacks exceed 10 minutes.
Of three leading coding agents evaluated (Claude, Codex, and Gemini), Codex finishes with the fewest vulnerabilities and demonstrates stronger remediation behavior during development.
143 security issues are identified across 38 security scans.
26 of 30 pull requests (87%) introduce at least one vulnerability.
Anthropic's Claude produced the highest number of unresolved high-severity vulnerabilities in the final applications.
No AI coding agent evaluated (Claude, Codex, and Gemini) produced a fully secure application.
Four authentication-related weaknesses appeared in every final codebase: insecure JWT verification and management; lack of application-level brute force protections; exposure to token replay attacks; and insecure defaults for refresh token cookie configurations.
50% of organizations rank secrets management among their top application security challenges.
Attacks that begin with exploitation of public-facing applications increased by 44%, largely driven by missing authentication controls and AI-enabled vulnerability discovery.
More than half of developers are uncertain how to properly secure AI-written mobile applications.
62% of security professionals are blind to shadow or undocumented APIs.
88% of CISOs and AppSec executives are willing to replace API security solutions.