One hundred percent—all of the applications Positive Technologies tested—had some kind of vulnerability. You might think, “Yeah, but how many of those were real, critical vulnerabilities?” Well, ninety-four percent of web applications tested contained a high-severity software flaw. Eighty-five percent of those same applications contained at least one confirmed, exploitable vulnerability.
Web application attacks are on the rise. A recent study found that they were the primary cause of reported breaches in 2017 and Q1 2018. This marked increase is partly due to the greater variety in web application vulnerabilities, as new attack vectors are found and exploited.
Code reuse (or software reuse) is defined exactly as one would expect: reusing code that already exists either within your organization or externally when developing new software.
The existing code may be reused to perform the same or very similar function. There are varying degrees of code reuse, ranging from repurposing a small section of internal code to relying on large third-party libraries and open-source frameworks.
Continuous Integration (CI) and Continuous Delivery (CD), or CI/CD, are part of the Agile approach to software development. The most prominent aspect of Agile development—and it’s most important rule—is that it requires software development to be responsive to change through an iterative process.
Ken Prole, CTO of Code Dx, will be speaking at LASCON on October 25 at 2-3pm about the White Hat’s Advantage: Open-source OWASP tools to aid in penetration testing coverage. Code Dx team will also be present at booth #10.
The OWASP list of the top 10 critical security risks to web applications does a good job of identifying prominent cybersecurity risks faced by organizations, but it doesn’t offer developers much practical guidance on how to make their applications more secure.
The 2018 Global Security Report from Trustwave found that all web applications are vulnerable to attack. Yes, you read that right. All applications had at least one vulnerability, and the average number of vulnerabilities found per application was eleven.
Some predict that cybercrimes will cost $6 trillion in damages per year by 2021. In response, governments around the world have decided to fight back against cyberattacks and counter threats with a host of new cybersecurity regulations for financial services.
Application security testing is an integral part of the development process. A proper testing methodology utilizes multiple tools (and types of tools) and incorporates application security testing into the design, development, and production phases of the application development lifecycle. But you may find yourself overwhelmed by the inundation of results from all of these testing tools.