Survey Reveals Lack of Testing for Web Applications

By SiliconIndia   |   Tuesday, 25 September 2012, 06:13 Hrs

Bangalore: Web applications are prone to attacks because of their “external facing nature.” Security attacks on web applications result in the loss of important information such as sensitive and confidential corporate information or intellectual property. Such a security breach can be a blow to an organization’s long-term performance.

Building secure web applications which are resistant to attacks is essential to a company’s IT posture and the ambition of protecting critical data and corporate information.

In July 2012, Coverity commissioned Forrester Consulting to conduct a study. The study surveyed 240 software developers and security influencers. It highlighted present application security practices and identified key trends and market directions across companies.

According to the survey published on it is found that:

•    Security incidents associated with applications are common and result in severe consequences.
•    Most companies still struggle with the most basic flaws, such as Security.
•    Many organizations lack a holistic or strategic approach to application security.
•    Application development teams, security teams and their goals are not aligned for optimized results.

More than half (51 percent) of the participants reported that they have experienced at least one web application security incident in less than 24 months since the beginning of the year 2011. 13 percent reported that they experienced five or more incidents.

As a result of security breaches, 18 percent of the respondents said that they have experienced losses of at least $500,000. 28 percent of them said they don’t know the cost of their breaches.

59 percent of participants said that the breaches had a negative impact on their professional reputation. Only 56 percent and 52 percent of the respondents, respectively, said that the breaches affected their customers’ confidence and damaged their brand name.

66 percent of the respondents who experienced more than 10 incidents said that they had trouble with default accounts and passwords and 55 percent reported security misconfigurations. A large majority (79 percent) reported that they have problems with scalability and budgets.

When respondents were asked to rank which categories of web application vulnerabilities present the biggest risk to their environments, 39 percent reported that SQL injection tops the list with an average of 5 to 10 incidents.

However, 41 percent of the developers revealed that time-to-market pressure forced them not to give importance to security during the development phase.
