Citadelo vulnerability stats 2022

Our Citadelo superheroes conducted a thorough analysis of 388 projects, identifying a total of 2,859 vulnerabilities with varying levels of criticality. We performed penetration tests on an average of 8 projects per week and found an average of 7 vulnerabilities in each project.

Our data underscores the critical need for comprehensive penetration testing for IT projects, regardless of industry. As cyber-attacks become more frequent and sophisticated, penetration testing and full-stack security assessments are more critical than ever.

Vulnerabilities found

We categorized the vulnerabilities we found into five different risk types:

  • Note
  • Low
  • Medium
  • High
  • Critical

Note risks accounted for the largest proportion of vulnerabilities identified, comprising 48% of all vulnerabilities. However, the 158 critical vulnerabilities we discovered could have resulted in catastrophic consequences if not immediately remedied.

Risks by project type

Web-based projects, including websites and APIs, made up the majority of projects we tested, accounting for 49.1% of all projects. Mobile app projects were the second most common type at 15.3%, followed closely by Cloud at 14.5%.

Our analysis showed that mobile apps were particularly susceptible to Note vulnerabilities, as client-side layers are where these types of vulnerabilities are most prevalent.


Our report provides a snapshot of the current state of cybersecurity and highlights the importance of comprehensive penetration testing in 2022. As hackers ourselves, we believe in the power of ethical hacking to uncover vulnerabilities before the bad guys do. Our team is dedicated to executing the 2,859 vulnerabilities we detected to ensure our clients’ security.

Download the full report with all of our statistics and analysis here.

So, if you’re feeling vulnerable and want to hack-proof your business, contact us at [email protected]. With our expertise and experience, we can provide comprehensive penetration testing and a full-stack security assessment to identify and remediate any vulnerabilities in your business.

About the author

Citadelo is a firm of ethical hackers on your side. We think like hackers, but we don't abuse it. On the contrary, our main goal is to reveal vulnerabilities without causing damage. We have been conducting simulated attacks for our clients since 2006.