
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation

Jay Paz

Jay has more than 12 years of experience in information security and 19+ years of information technology experience, including system analysis, design, and implementation for enterprise-level solutions. He has a robust background in developer supervision and training, as well as in major programming languages, operating hardware and software, and major infrastructure application development.


Each year, we publish The State of Pentesting report to provide a detailed overview of vulnerabilities and identify the trends and hazards that impact the cybersecurity community. We gathered data from over 1,500 pentests performed in 2020 to learn about the assets getting tested and the vulnerabilities discovered, along with interviewing over 600 security practitioners to learn how that data changes across different industries, company sizes, and more.

It’s no secret that cybersecurity is continuously evolving in today’s landscape, and vulnerabilities are a key driver of that change. That being said, here’s a sneak peek into The State of Pentesting 2021.


What are the biggest security vulnerabilities we observe?


A core change we made for the 2021 report is a more granular focus. Rather than stopping at vulnerability categories, this year we analyzed individual findings in order to pinpoint the areas where teams are struggling, assess what they can do to remediate, and, better yet, prevent those vulnerabilities.

What’s the difference between vulnerability categories and types of findings?

Many findings fit into a specific vulnerability category. A vulnerability category is an umbrella term that can encompass a variety of more specific findings, each with a different level of risk, impact, or severity. By reporting both, we’re able to go more in-depth about where exactly companies are struggling.

The latest findings show security teams have been dealing with the same top 5 vulnerabilities for 4 years in a row.

There are several possible reasons for this, including the following:

  • Gaps in secure development
  • Insufficient investment in security awareness and training
  • Ineffective remediation
  • Bugs staying open because of low perceived impact and/or lack of resources


These statistics lead us to believe that security teams are struggling to effectively remove and prevent issues that are well known in the industry. By discovering these flaws, Cobalt is able to expose gaps in security and help prioritize remediation efforts with our Pentest as a Service platform.

Why are companies struggling with the same problems year after year?

We took a look at the bigger picture to assess why teams continue to struggle with the same types of problems, testing 4 different theories with 601 security practitioners across the US and DACH area. Download The State of Pentesting 2021 to see the results, along with a detailed list of instructions on fixing and preventing each vulnerability described in the report.
