Veracode, a company involved in application security testing, published a report on the findings from its assessments. The report covers 2,922 applications assessed by Veracode in the last 18 months. Some of its observations are below.
- More than half of all software failed to meet an acceptable level of security and 8 out of 10 web applications failed to comply with the OWASP Top 10
- Cross-site Scripting remains the most prevalent of all vulnerabilities
- No single method of application security testing is adequate by itself
- The security quality of applications from Banks, Insurance, and Financial Services industries was not commensurate with their business criticality
The complete report is available here.