Manufacturing and aerospace organizations had the highest OWASP pass rate on latest scan (30.5%) of any of our industry groupings. This could indicate that companies in this sector have application security programs that are more mature than those in other industries. This industry sector also had the lowest proportion of applications undergoing their first assessment (about 39%).
Retail and hospitality organizations ranked second in the rate of improvement in OWASP pass rate compared to 2016, seeing a 9% improvement. This is a positive indicator of maturing AppSec programs in an industry that has been plagued by data breaches in recent years.
A large proportion of tech companies exhibited DevOps behavior, with 2% of applications tested at least daily. Technology organizations had dramatically lower prevalence of major vulnerabilities such as cross-site scripting (8.6%), SQL injection (6.6%), cryptographic issues (16%), and credentials management (10.6%).
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure DevOps services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.