Application Security
We've curated 76 cybersecurity statistics about Application security to help you understand how safeguarding software from vulnerabilities and attacks is evolving in 2025. This includes best practices, emerging threats, and essential technologies to secure your applications effectively.
Showing 21-40 of 76 results
Use of risk-ranking methods to determine where LLM-generated code is safe to deploy increased by 12%.
14.5% of AI agent configuration files grant arbitrary code execution permissions for Python.
Automated verification of infrastructure security surged by more than 50%.
Teams using attack intelligence to track emerging AI vulnerabilities increased by 10%.
Web applications are the most attacked service type at 61%, up from 41% in 2024; remote management protocols account for 15%.
Organizations classified as 'Exceptional' in AppSec maturity are 3.6 times more likely to achieve a 20% or greater improvement in developer productivity compared to those in the 'Evolving' category.
Organizations classified as 'Exceptional' in AppSec maturity are 1.9 times less likely to experience a data breach than Emerging programs.
Organizations classified as 'Exceptional' in AppSec maturity are 3.7 times more likely than 'Emerging' programs to reduce negative user experiences by more than 20%.
89% of organizations believe that cloud and application security must be fully integrated with the SOC.
Organizations classified as 'Exceptional' in AppSec maturity are 3.6 times more likely to report a 20% or greater improvement in application availability compared to the average.
66% of retailers plan to invest significantly in application security to prepare for evolving threats.
96% of respondents indicated that Application security requires significant or moderate improvement.
47% of respondents surveyed have expert-level skill in application security.
43% of respondents surveyed need significant skill improvement in application security.
51% of teams have fully addressed OWASP Top 10 threats, meaning nearly half remain exposed to foundational risks.
58% of security teams report frequent false positives from application security scanners.
11% of security teams say application security false positives happen constantly.
Nearly 90% of organizations allocate just 11–20% of their security budgets to application security.
Only 36% of organizations involve security at the planning stage of software development.
36% of companies spend more on network security than AppSec.