Energy, utilities, and transportation represent some of the most critical industries, keeping the lights on and the economy moving. But fewer than a third of applications in infrastructure passed OWASP policy on first scan.
Applications developed by government organizations are the least secure of all industry groupings, measured by pass rate against OWASP Top 10 policy. Government applications also had the highest flaw prevalence of any industry group for cross-site scripting, SQL injection, credentials management, and cryptographic issues.
Financial services organizations showed signs of having some of the most mature application security programs. More than a third of applications were scanned at least monthly (12 times per year on average).
Healthcare organizations hold some of the most sensitive personal data, so it’s encouraging to see that this industry made strides in improving application security in 2017.
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure DevOps services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.