Energy, utilities, and transportation represent some of the most critical industries, keeping the lights on and the economy moving. But less than a third of applications in infrastructure passed OWASP policy on first scan.
Applications developed by government organizations are the least secure of all industry groupings, measured by pass rate against OWASP Top 10 policy. Government applications also had the highest flaw prevalence of any industry group for cross-site scripting, SQL injection, credentials management, and cryptographic issues.
Financial services organizations showed signs of having some of the most mature application security programs. More than a third of applications were scanned at least monthly (12 times per year on average).
Healthcare organizations hold some of the most sensitive personal data, so it’s encouraging to see that this industry made strides in improving application security in 2017.
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure DevOps services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.