Abandoned web applications 'hidden threat to corporate security'

News by Tom Reeve

Abandoned, ageing and unmaintained web applications are the 'Achilles Heel' of corporate security, according to new research from High-Tech Bridge.

Abandoned and unmaintained web applications pose a silent security risk to major companies around the globe, according to newly released research by High-Tech Bridge.

It scanned web and mobile applications belonging to 1,000 of the largest global companies listed on the FT US 500 and FT Europe 500. The non-intrusive scans assessed external web and mobile applications, SSL certificates, web software and unprotected cloud storage.

It found that shadow and legacy applications were undermining cyber-security and compliance because they were either not security compliant or were not being maintained. In some cases, applications had been abandoned, providing points of access into corporate networks and internet assets while growing increasingly vulnerable and outdated.

Of the 500 US companies scanned, it found 293,512 external systems accessible from the internet. Of these, 42,549 were live, dynamic web applications – which works out to more than 85 applications per company.

Among EU companies, High-Tech Bridge found 112,750 externally accessible systems, 22,162 of which were live and dynamic – working out to more than 44 applications per company.

Web applications accessible from the Internet


FT US 500 Total


FT 500 EU Total


Average quantity of applications per company


FT US 500


FT EU 500


* Source: High-Tech Bridge

Ilia Kolochenko, High-Tech Bridge CEO and founder, commented: "The research has clearly demonstrated that abandoned and unmaintained applications are a plague of today.

"Large organisations have so many intertwined websites, web services and mobile apps that they often forget about a considerable part of them. Legacy applications, personnel turnover, lack of resources, outsourcing and offshoring exacerbate the situation.

"On the other side, cybercriminals are well organized and very proactive. As soon as a new vulnerability is discovered in a popular CMS - they instantly start its exploitation in the wild, leaving cybersecurity teams virtually with no chance."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews