Application security is rising to the top of the list in terms of priorities for IT managers next year, according to a new survey from The InfoPro.As organizations begin planning their 2010 budgets, many have
targeted application security as a top priority for the coming year,
according to a new report from The InfoPro released today.
The New York-based research firm released its Information Security
Study following thorough interviews with 246 security professionals at
Fortune 1000 organizations and midsize enterprises in North America and
Europe this year. The general consensus was that mitigating risks in
the application stack is the most pressing concern among practicing
infosec experts.
The emphasis on application security tracks with the current threat
landscape. According to the Verizon Business 2009 Data Breach
Investigations Report, 79 percent of data breaches in 2008 were
compromised via Web applications.
According to TheInfoPro’s recent interviews, approximately 82 percent
of those studied reported that applications available outside the
corporate firewall worry them most. The InfoPro analysts found that
slightly more than half of applications named by Fortune 1000
respondents fall in this category.
According to the survey, though awareness has risen regarding
application threats most organizations still lack the fundamentals of a
strong application security practice. Only 38 percent of Fortune 1000
respondents use static application analysis tools. Of those without,
only an additional 17 percent plan on implementing such tools in the
future.
Meanwhile, in a different survey conducted by application security
vendor Breach Security at last week’s Black Hat event in Las Vegas, 60
percent of security pros said it takes their companies between one and
four weeks to remediate a SQL injection, cross-site scripting attack or
other critical web vulnerabilities—a period of ions in an era when the
typical malware campaign is conducted within just a matter of days or
even hours.
The growing push to amp up corporate application security practices has
been evidenced by a lot of recent market movement. Last week IBM picked up the application security firm Ounce Labs for an undisclosed amount. And just last month Verizon Business rolled out a new application security service to its customers.