WhiteHat Security reveals how enterprise security vulnerabilities are introduced via traditional applications
In its 2018 Application Security Statistics Report, titled “The Evolution of the Secure Software Lifecycle”, WhiteHat Security has identified the security vulnerabilities and challenges introduced into the enterprise through traditional applications, and through agile development frameworks, microservices, application programming interfaces (APIs), and cloud architectures.
The annual study, which was published in collaboration with NowSecure, provides of automated mobile app security testing; and Coalfire, providers of cyber risk management and compliance services for public and private enterprises. Along with WhiteHat’s application security testing, one of the biggest worries discovered by these methods is that with few exceptions, the number of serious vulnerabilities per site has increased across all major sectors, despite some improvements in finance, healthcare and retail.
However, these industries are still struggling with long windows of exposure combined with very high times to fix that has driven up security risk levels compared with the previous year’s report.
DevOps teams are being identified as an issue when it comes to security risk – while the methodology is now mainstream, according to WhiteHat CEO Craig Hinkley, security adoption is still lagging.
“Businesses are transitioning from traditional applications and legacy systems, to web and mobile applications that are purpose-built to serve up superior customer experiences. However, the downside of changing the software lifecycle to speed up the process is the inherent introduction of risk,” said Hinkley. “Therefore, any organisation that fails to build security into its app development process is wilfully being left exposed to those ever-present threats.”
Earlier this month, a study from O’Reilly Media, involving more than 1,300 IT professionals, revealed that the global median pay for DevOps professionals is currently at $90,000 a year, which is down from $100,000 than the previous year. The lowering of the average is down to a greater number of respondents as well as a wider geographic dispersion to traditionally lower-income areas. One area which definitely needs improvement, however, is around gender imbalance, with only 6% of respondents identifying themselves as female who earn $6,000 lower on average than their male counterparts to boot.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Commoditising cybercrime: The rise of ransomware-as-a-service
- » Enterprise mobility management is more than just hype – and those still missing out need to start now
- » Symantec acquires Appthority to help secure the modern endpoint
- » CIOs fear IoT-related performance and revenue meltdowns, new research finds
- » How EMEA CIOs are taking the lead in digital initiatives: AI 'becoming mainstream'