Survey Reveals Lack of Testing for Web Applications
Bangalore: Web applications are prone to attacks because of their “external facing nature.” Security attacks on web applications results in loss of important information such as sensitive and confidential corporate information or intellectual property. This security breach can be a blow to an organization’s long-term performance.
Building secure web applications which are resistant to attacks is essential to a company’s IT posture and the ambition of protecting critical data and corporate information.
In July 2012, Coverity commissioned Forrester Consulting to conduct a study. The study was conducted on 240 software developers and security influencers. It highlighted the present application security practices and identified key trends and market directions across companies.
According to the survey published on coverity.com it is found that:
? Security incidents associated with applications are common and results in severe consequences.
? Most companies still fight with the most basic flaws, such as Security.
? Many organizations lack holistic or strategic way to application security.
? Application development, security teams and goals are found to be in non aligned condition for optimized results.
More than half (51 percent) of the participants reported that they have experienced at least one web application security incident in less than 24 months since the beginning of the year 2011. 13 percent reported that they experienced five or more incidents.
As a result of security breaches, 18 percent of the respondents informed that they have experienced losses of at least $500,000 or more. 28 percent of them said thay don’t know the cost of their breaches.
59 percent of participants said that the breaches had a negative impact on their professional reputation. While only 56 percent and 52 percent of the respondents informed that the breaches affected their customer’s confidence and damaged their brand name.
66 percent of the respondents who experienced more than 10 incidents said that they had trouble with default accounts and passwords and 55 percent reported security misconfigurations. A large majority (79 percent) reported that they have problems with scalability and budgets.
When respondents were asked to rank which categories of web application vulnerabilities present the biggest risk to their environments, 39 percent reported that SQL injection tops the list with an average of 5 to 10 incidents.
However, 41 percent of the developers revealed that the lack of time to market forced them not to give importance to security during the development phase.
Post your Comment
All form fields are required.