Pen-test-as-a-service firm Cobalt found in nearly 1,000 pen tests using its platform in 2018 that 60% of all security misconfigurations are mistakes with security headers and application settings. Cobalt has seen misconfiguration as the No. 1 vulnerability for the past three years of its pen-testing. Half of organizations say it’s too expensive to perform pen tests more regularly than they currently do, according to the survey. Half say pen testing is a high priority, but only 2% say it is a low priority.
Source: https://www.darkreading.com/application-security/what-the-appsec-penetration-test-found

