© 2008-25 SmartData Collective. All Rights Reserved.
Only 18% of Software Apps Pass Security Tests

AlexOlesker

Over the past 18 months, almost 10,000 software applications from the government and private sector were submitted to Veracode’s online security testing platform for independent security auditing, and 8 out of 10 failed to achieve an acceptable level of security on their first try. Veracode reached this conclusion by automatically checking submitted apps for over 100 types of flaws. That’s not to say the 18% that passed were flawless, merely that their security gaps weren’t glaring. Take into account that developers who have their applications tested by an independent third party are likely more security conscious to begin with, and you get a pretty grim picture of software application security.

In government, 75% of applications had cross-site scripting problems, which means that attackers could find ways to inject malicious code into a webpage. These attacks are often used to get sensitive information maintained by a user’s browser, such as session cookies that can then be used to impersonate the user. According to Veracode, one reason for the prevalence of cross-site scripting issues was that many government apps were built using ColdFusion, a programming language more likely to produce such flaws than languages more commonly used for commercial applications. In addition, 40% of government applications were vulnerable to SQL injection, which allows unauthorized users to get into back-end databases through a website. SQL injection flaws have grown less common over the past few years in the app market as a whole, but they have failed to improve in government despite all of the “wake up calls” declared earlier when LulzSec used this method of attack along with cross-site scripting to hack government and industry websites. Veracode CTO Chris Wysopal believes that while companies have to deal with angry customers, the government only needs to worry about meeting regulations and standards and hence faces less pressure to develop secure applications.

That doesn’t mean that commercial software apps fared much better; they simply had a more diverse set of problems, such as buffer overflows and management issues. Veracode found that 3% of commercial applications had backdoors, initially put in place for debugging and diagnostic support, that can be used by attackers. They also looked at about 100 Android enterprise mobile applications and found that 40% had hard-coded cryptographic keys, which are keys that are fixed in the source code. If the mobile device is lost or stolen, a thief could get into the application without additional credentials, or a hacker could decompile the application to get the key.

This startling data confirms that government and industry alike should assume that their applications are vulnerable. Rather than responding to incidents reactively, they should presume breach and make sure their auditing and remediation processes are in order. Because in all likelihood their applications are flawed, they should also try to pinpoint their vulnerabilities with the help of services such as Veracode. This way, they can prevent breaches or at least make vulnerabilities harder to find.
