Study: 96 Percent Of Applications Have Security Vulnerabilities

Published: 22/11/2024   Category: security



Nearly all applications tested have security flaws, Cenzic study says; information leakage is chief culprit



Enterprises and software developers are starting to get control of old vulnerabilities such as SQL injection and cross-site scripting, according to a study published this week. But new vulnerabilities are taking their place, leaving flaws in nearly every application tested.
Ninety-six percent of applications tested have at least one security vulnerability, according to a study published by application security firm Cenzic earlier this week. This figure has dropped slightly -- the same study turned up flaws in 99% of apps in 2011 and 2012 -- but the vulnerabilities remain nearly ubiquitous.
In fact, the median number of vulnerabilities per application found in this year's study – 14 – is actually greater than it was in the previous year – 13.
"While some improvements in the development process have been made, other newer areas of vulnerability have emerged," says Bala Venkat, chief marketing officer at Cenzic, which compiled the numbers through an analysis of production applications scanned by its tools. "It's a graphic illustration of the gigantic game of whack-a-mole that enterprises and software developers are playing – and a clear message that it's time to rethink the way we develop and test our applications."
Information leakage -- in which an application exposes information about itself, its connections, or its users -- was the primary category of vulnerability in this year's study, accounting for almost one quarter (23 percent) of security flaws. This category displaced older vulnerabilities such as cross-site scripting (XSS), which is still found in almost as many applications.
"We found that the growth of mobile and cloud applications is causing a slight shift in the types of vulnerabilities we are finding," Venkat says. "But the prevalence of vulnerabilities has not changed significantly."
Enterprises and their software development teams need to rethink their processes, Venkat says, focusing more attention on security during the development cycle.
Web application firewalls can also help enterprises identify vulnerabilities early and prevent them from leading to greater damage, Venkat says. Closer attention to basic issues such as server configuration can also help enterprises to minimize the impact of vulnerabilities in their applications, he adds.
"One of the chief obstacles that remain is to get software developers and enterprises to stop thinking of vulnerability scanning as a one-time project," Venkat stated. "As web applications evolve and make their journey traversing various production environments, the incidence of vulnerabilities is growing, not shrinking. Applications development and security teams must get together and implement a plan for continuous proactive monitoring of vulnerabilities, rather than the traditional, annual quality assessment."