By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    data-driven image seo
    Data Analytics Helps Marketers Substantially Boost Image SEO
    8 Min Read
    construction analytics
    5 Benefits of Analytics to Manage Commercial Construction
    5 Min Read
    benefits of data analytics for financial industry
    Fascinating Changes Data Analytics Brings to Finance
    7 Min Read
    analyzing big data for its quality and value
    Use this Strategic Approach to Maximize Your Data’s Value
    6 Min Read
    data-driven seo for product pages
    6 Tips for Using Data Analytics for Product Page SEO
    11 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Only 18% of Software Apps Pass Security Tests
Share
Notification Show More
Latest News
anti-spoofing tips
Anti-Spoofing is Crucial for Data-Driven Businesses
Security
ai in software development
3 AI-Based Strategies to Develop Software in Uncertain Times
Software
ai in ppc advertising
5 Proven Tips for Utilizing AI with PPC Advertising in 2023
Artificial Intelligence
data-driven image seo
Data Analytics Helps Marketers Substantially Boost Image SEO
Analytics
ai in web design
5 Ways AI Technology Has Disrupted Website Development
Artificial Intelligence
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > Only 18% of Software Apps Pass Security Tests
SecuritySQL

Only 18% of Software Apps Pass Security Tests

AlexOlesker
Last updated: 2011/12/12 at 10:30 AM
AlexOlesker
0 Min Read
SHARE
- Advertisement -

Over the past 18 months, almost 10,000 software applications from the government and private sector were submitted to Veracode’s 

Over the past 18 months, almost 10,000 software applications from the government and private sector were submitted to Veracode’s online security testing platform for independent security auditing and 8 out of 10 failed to achieve an acceptable level of security on their first try. Veracode reached this conclusion by automatically checking submitted apps for over 100 types of flaws. That’s not to say the 18% that passed were flawless, merely that their security gaps weren’t glaring. Take into account that developers who have their applications tested by an independent third party are likely more security conscious to begin with, and you paint a pretty grim picture or software application security.

In government, 75% of applications had cross-site scripting problems, which means that attackers could find ways to input malicious code onto a webpage. These attacks are often used to get sensitive information maintained by a user’s browser, such as session cookies that can then be utilized to impersonate the  user. According to Veracode, one reason for the prevalence of cross-site scripting issues was that many government apps were built using Cold Fusion, a programming language more likely to produce such flaws than languages more commonly used for commercial applications. In addition, 40% of government applications were vulnerable to SQL injections, which allow unauthorized users to get into back-end databases through a website. SQL injection flaws have grown less common over the past few years in the app market as a whole, but they have failed to improve in government despite all of the “wake up calls” declared earlier when LulzSec used this method of attack along with cross-site scripting to hack government and industry websites. Veracode CTO Chris Wysopal believes that while companies have to deal with angry customers, the government only needs to worry about meeting regulations and standards and hence faces less pressure to develop secure applications.

That doesn’t mean that commercial software apps fared much better, they simply had a more diverse set of problems such as buffer overflows and management issues. Veracode found that 3% of commercial applications had backdoors, initially put in place for debugging and diagnostic support, that can be used by attackers. They also looked at about 100 Android enterprise mobile applications and found that 40% had hard-coded crypographic keys, which are keys that are fixed in the source code. If the mobile device is lost or stolen a thief could get into the application without additional credentials or a hacker could decomplie the source code to get the key.

More Read

anti-spoofing tips

Anti-Spoofing is Crucial for Data-Driven Businesses

Fortifying Enterprise Digital Security Against Hackers Weaponizing AI
How to Plan a Cybersecurity Strategy for Your Small Business
How Vulnerable Are Supply Chains to Hacking?
How IEC 62443 and Other Regulatory Requirements Help Enable IoT Security

This startling data confirms that government and industry alike should assume that their applications are vulnerable. Rather than responding to incidents reactively, they should presume breach and make sure their auditing and remediation processes are in order. They should also try to pinpoint what their vulnerabilities are, as in all likelihood their applications are flawed,  with the help of services such as Veracode. This way, they can prevent breaches or at least make vulnerabilities harder to find.

AlexOlesker December 12, 2011
Share this Article
Facebook Twitter Pinterest LinkedIn
Share
- Advertisement -

Follow us on Facebook

Latest News

anti-spoofing tips
Anti-Spoofing is Crucial for Data-Driven Businesses
Security
ai in software development
3 AI-Based Strategies to Develop Software in Uncertain Times
Software
ai in ppc advertising
5 Proven Tips for Utilizing AI with PPC Advertising in 2023
Artificial Intelligence
data-driven image seo
Data Analytics Helps Marketers Substantially Boost Image SEO
Analytics

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

anti-spoofing tips
Security

Anti-Spoofing is Crucial for Data-Driven Businesses

6 Min Read
Digital Security From Weaponized AI
Security

Fortifying Enterprise Digital Security Against Hackers Weaponizing AI

11 Min Read
Cybersecurity Plan
Security

How to Plan a Cybersecurity Strategy for Your Small Business

8 Min Read
Security

How Vulnerable Are Supply Chains to Hacking?

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

data-driven web design
5 Great Tips for Using Data Analytics for Website UX
Big Data
AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?