Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
    pexels pavel danilyuk 8112119
    Data Analytics Is Revolutionizing Medical Credentialing
    8 Min Read
    data and seo
    Maximize SEO Success with Powerful Data Analytics Insights
    8 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Only 18% of Software Apps Pass Security Tests
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > Only 18% of Software Apps Pass Security Tests
SecuritySQL

Only 18% of Software Apps Pass Security Tests

AlexOlesker
AlexOlesker
0 Min Read
SHARE

Over the past 18 months, almost 10,000 software applications from the government and private sector were submitted to Veracode’s 

Over the past 18 months, almost 10,000 software applications from the government and private sector were submitted to Veracode’s online security testing platform for independent security auditing and 8 out of 10 failed to achieve an acceptable level of security on their first try. Veracode reached this conclusion by automatically checking submitted apps for over 100 types of flaws. That’s not to say the 18% that passed were flawless, merely that their security gaps weren’t glaring. Take into account that developers who have their applications tested by an independent third party are likely more security conscious to begin with, and you paint a pretty grim picture or software application security.

In government, 75% of applications had cross-site scripting problems, which means that attackers could find ways to input malicious code onto a webpage. These attacks are often used to get sensitive information maintained by a user’s browser, such as session cookies that can then be utilized to impersonate the  user. According to Veracode, one reason for the prevalence of cross-site scripting issues was that many government apps were built using Cold Fusion, a programming language more likely to produce such flaws than languages more commonly used for commercial applications. In addition, 40% of government applications were vulnerable to SQL injections, which allow unauthorized users to get into back-end databases through a website. SQL injection flaws have grown less common over the past few years in the app market as a whole, but they have failed to improve in government despite all of the “wake up calls” declared earlier when LulzSec used this method of attack along with cross-site scripting to hack government and industry websites. Veracode CTO Chris Wysopal believes that while companies have to deal with angry customers, the government only needs to worry about meeting regulations and standards and hence faces less pressure to develop secure applications.

That doesn’t mean that commercial software apps fared much better, they simply had a more diverse set of problems such as buffer overflows and management issues. Veracode found that 3% of commercial applications had backdoors, initially put in place for debugging and diagnostic support, that can be used by attackers. They also looked at about 100 Android enterprise mobile applications and found that 40% had hard-coded crypographic keys, which are keys that are fixed in the source code. If the mobile device is lost or stolen a thief could get into the application without additional credentials or a hacker could decomplie the source code to get the key.

More Read

Image
Cyber Security: How to Cover Your SaaS
AI Is Vital To Cybersecurity During COVID-19: Don’t Underestimate Risks
Can ICO Data Awareness Campaigns Create More Trust In Crypto?
Worst Data Security Threats Remote Workers Can’t Ignore
Citizens Look to Big Data to Protect Against Draconian Government Oversight

This startling data confirms that government and industry alike should assume that their applications are vulnerable. Rather than responding to incidents reactively, they should presume breach and make sure their auditing and remediation processes are in order. They should also try to pinpoint what their vulnerabilities are, as in all likelihood their applications are flawed,  with the help of services such as Veracode. This way, they can prevent breaches or at least make vulnerabilities harder to find.

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

AI and data mining
What the Rise of AI Web Scrapers Means for Data Teams
Artificial Intelligence Big Data Exclusive
power supplies for ATX for data scientists
Why Data Scientists Should Care About SFX Power Supplies
Big Data Exclusive
AI for website optimization
Free Tools to Test Website Accessibility
Artificial Intelligence Exclusive
Generative AI models
Thinking Machines At Work: How Generative AI Models Are Redefining Business Intelligence
Artificial Intelligence Business Intelligence Exclusive Infographic Machine Learning

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

follow these vpn protocols for data security
Security

Proven VPN Protocols to Safeguard Your Data

9 Min Read
Image
Security

eBay’s Data Breach Exposes 145 Million User Records

5 Min Read
big data security 2017-18
Best PracticesComputingData ManagementExclusiveRisk ManagementSecurity

The Direst Security Breaches of 2017 and How Data Centers Are Responding

5 Min Read
anti-spoofing tips
Security

Anti-Spoofing is Crucial for Data-Driven Businesses

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?