Energy, utilities, and transportation represent some of the most critical industries, keeping the lights on and the economy moving. But fewer than a third of applications in infrastructure passed OWASP policy on first scan.
Applications developed by government organizations are the least secure of all industry groupings, measured by pass rate against OWASP Top 10 policy. Government applications also had the highest flaw prevalence of any industry group for cross-site scripting, SQL injection, credentials management, and cryptographic issues.
Financial services organizations showed signs of having some of the most mature application security programs. More than a third of applications were scanned at least monthly (12 times per year on average).
Healthcare organizations hold some of the most sensitive personal data, so it’s encouraging to see that this industry made strides in improving application security in 2017.