Security - Channel Insider

Empowering the next generation Channel

Home

Security

More Than Half of Web Apps Fail Security Audits

[ci] deep dives:

Managed Services Distribution Careers Linux and Unix Computer Networking Printers Security SMB Partner Storage Surveys Solution Builder Messaging/Collaboration Dell Reseller Microsoft Partner

More Than Half of Web Apps Fail Security Audits

in Security

DATE: 2011-04-22 | By Channel Insider Staff

Article Rating:

/ 0
Article Views: 4173

More Security Coverage

<<Previous Security News Next Security News >>

Security doesn't seem to be the first thing on the mind of web application developers, and some big security firms are on the list of offenders.

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

More than half of Web applications have some kind of serious security flaw after development, according to a research report, suggesting that software developers need to improve their security coding skills.

About 58 percent of Web applications generally fail a security audit the first time around, according to Veracode’s State of Software Security report, released April 19. Veracode analyzed 4,835 applications that were submitted to its cloud-based application testing service for a security audit over a space of 18 months.

Even more worrying, 66 percent of applications developed by the software industry, as opposed to other sectors, were initially found to have an unacceptable level of security quality. Software organizations are turning out more insecure applications than other companies, the study found. Of the applications from the software companies, 72 percent of security products and 82 percent of customer-focused applications submitted to Veracode were deemed unacceptable, securitywise.

Security vendors tasked with protecting enterprises are often the most at risk due to the poor quality of their very own software applications, Veracode found.

“Software remains fundamentally flawed,” and no industry sector is immune to application security risk, the report found. However, the finance industry generally produced the cleanest code, according to the report.

The good news is that developers are learning from their mistakes quickly. More than 90 percent of the software that failed the audit the first time addressed the issues and passed a subsequent test within one month. Security products were fixed even faster, becoming “acceptable” in just three days.

The report has a slight reporting bias as the organizations voluntarily submitted their applications to the testing service. However, the findings highlight how widespread application insecurity has become if more than half of the applications from companies in the security software business fail the audit. The Verizon Data Breach Investigation Report, released the same day, found that Web application attacks accounted for 22 percent of all attacks that resulted in a data breach, and were the source of 38 percent of leaked records.

For more, read the eWEEK article: More Than Half of Web Apps Fail Security Audit Prior to Deployment.

comments dic



	>>> More Security Articles >>> More By Channel Insider Staff

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Follow @ChannelInsider
< Prev | Next >

about 5 hours agoAssessing the Impact of HP Layoffs - HP needs channel partners to help put some distance between it all the drama ... http://t.co/2H0Gq8HJ
about 7 hours agoThin Client Opportunity Gets Richer for the Channel - IT organizations are rethinking client strategy in the age of ... http://t.co/JxUbh24m
May 23rd 4:38 PMPutting a Channel Face on the Cloud - Amazon, Google and others may leverage the channel to compete more aggressivel... http://t.co/RUeo9iT5
May 22nd 10:41 PMExpanding the Reach and Scope of Desktop Virtualization - VMware moves to acquire Wanova - VMware has set out to ... http://t.co/Ad020fhT
May 22nd 8:58 PMConsidering the IBM Watson Possibilities - IBM looks to the channel to help find new use cases for cognitive computi... http://t.co/CAljVbac
May 22nd 8:54 AMVariations on a Cloud Storage Theme in the Channel - EMC expands focus on the cloud via a channel that is wrestling ... http://t.co/MORSpkkb
May 21st 10:43 AMRightsizing the Cloud Service Provider - Cloudbursting will alter the way the channel thinks about cloud computing i... http://t.co/eZ33qdKE
May 17th 6:39 PMThe Future of IT Services - Automated managed services are transforming the way IT services are delivered - Histo... http://t.co/w4zvAS8u
May 17th 12:39 PMRising to the Cloud Application Management Challenge - BetterCloud previews management tool for Google Apps environm... http://t.co/KzhO7FlP
May 16th 11:00 AMPlaying the IT Services Name Game - HP expands ability of partners to deliver branded services as part of effort to ... http://t.co/XU3QOnKz

[ci] feeds

Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

CHANNEL SPONSORED RESOURCE CENTER

Start the New Year with business intelligence—it’s a smart move
Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself.
Click Here

Security and Availability Essentials for Running Your Business in the Cloud
Are you moving to the cloud? Find out what every IT professional should know about security and availability before moving to the cloud. Hear what a security provider’s own CSO has to say.
Watch Video

New Tool Analyzes Data Without Bias

A new algorithm automatically identifies relationships between variables to help reduce researcher prejudice.
Click Here

Channel Insider:

Security:
Network Security
Enterprise Networking
Infrastructure Security
How To: Data
IT Security News
Security Watch Blog
Secure Channel Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
Computer Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Complementary Magazine Subscriptions

Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Publish Online
Web Buyers Guide

Developer Websites:
Microsoft DevSource
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 11

More Than Half of Web Apps Fail Security Audits

More Security Coverage

Security doesn't seem to be the first thing on the mind of web application developers, and some big security firms are on the list of offenders.

Related Content

Follow @ChannelInsider < Prev | Next >

Follow @ChannelInsider
< Prev | Next >