Thursday, September 23, 2010

8 Out Of 10 Web App Fails In Open Web Application Security Project

According to reports by Veracode, an application security company, more than half of software system are proned for security vulnerability.

Veracode viewed more than 2,900 systems over an 18-month period that were used by its cloud-based clients and discovered that 57 percent of all the applications were found to have unacceptable application security quality.

In a study only 2 out of 10 Web Applications are able to meet the OWASP (Open Web Application Security Project ) Top 10 requirement that is necessary to achieve PCI (payment card industry) compliance for use in financial and e-commerce sites, Veracode said.

The report ascertains that third-party code, which is growing in use in enterprises, is often insecure. Third-party suppliers failed to achieve acceptable security standards 81 percent of the time, the report said.

Meanwhile, cross-site scripting remains the most common of all application vulnerabilities, and .NET applications showed "abnormally high" numbers of flaws, Veracode said.

"A lot of work still needs to be done around the work of software security," Sam King, vice president of product marketing at Veracode, told CNET.

Also on Wednesday, WhiteHat Security released a report that found that the average Web site had nearly 13 serious vulnerabilities.

more on:

No comments:

Post a Comment