Annual Study Finds That Ninety-Six Percent of Tested Applications Have Security Vulnerabilities
CAMPBELL, Calif., Feb. 19, 2014 /PRNewswire/ -- Cenzic, the leading provider of application security intelligence to reduce security risks, today released a new report which demonstrates that nearly all current applications contain security vulnerabilities that leave them vulnerable to cyber attacks. The newly released Cenzic Application Security Trends Report 2014 registers security flaws in 96 percent of tested applications – which continues to be alarmingly high.
The report, gathered by the Cenzic Managed Security team during its analysis of applications in production, shows that improvements in patch deployment and secure coding practices have made a slight impact on the incidence of vulnerabilities. However, the emergence of BYOD, cloud services and mobile applications, together with the continued failure of organizations to detect and address exploits around information leakage, authentication and authorization, and session management, is keeping vulnerabilities nearly ubiquitous. In fact, the median number of vulnerabilities per application – 14 – is actually greater than it was in the previous year – 13.
"In the three years that we have compiled this study, the frequency of application vulnerabilities discovered has remained consistently, astoundingly high," said Bala Venkat, Chief Marketing Officer (CMO) at Cenzic. "While some improvements in the development process have been made, other newer areas of vulnerability have emerged. It's a graphic illustration of the gigantic game of whack-a-mole that enterprises and software developers are playing – and a clear message that it's time to rethink the way we develop and test our applications."
The Cenzic Application Security Trends Report 2014 revealed a wide range of findings regarding application vulnerabilities including:
"While old standbys such as XSS and SQL injection may be coming under better control, emerging classes of vulnerabilities – such as information leakage, which is common in mobile applications – are growing," added Venkat. "The growth of emerging technologies and new application categories – such as cloud and mobile apps – increases the complexity of the security effort."
Many of today's vulnerabilities – even those that are relatively new – are preventable. Cenzic has outlined some key best practices to remind enterprises of some simple solutions that can help secure their applications:
"One of the chief obstacles that remains is to get software developers and enterprises to stop thinking of vulnerability scanning as a one-time project," Venkat stated. "As web applications evolve and make their journey traversing various production environments, the incidence of vulnerabilities is growing, not shrinking. Applications development and security teams must get together and implement a plan for continuous proactive monitoring of vulnerabilities, rather than the traditional, annual quality assessment."
The Cenzic Application Security Trends Report 2014 is available here. Cenzic will also be attending RSA 2014 in San Francisco and is available to discuss the findings there.
About Cenzic, Inc.
Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs.