Does this resemble your application security program's coverage? We can help.

Does this resemble your application security program's coverage? We can help.


Another day another web application breach hits the news. This time ITWorld reports Hackers steal user data from the European Central Bank website, ask for money. I can’t say that I’m surprised. Although vulnerabilities (SQL Injection, cross-site-scripting, etc.) are easy for attackers to detect and exploit, they are still very common across many web applications. The survey that we just completed with IDG highlights the problem – 83% of respondents said it was critical or very important to close their gaps in assessing web applications for security issues. However, a typical enterprise:

  • has 804 internally developed web applications
  • plans to develop another 119 web applications with internal development teams over the next 12 months
  • tests only 38% of those web applications for security vulnerabilities

And these numbers don’t include all the web applications that are sourced to third-party software vendors or outsourced development shops. The assessment methodologies for finding web application vulnerabilities aren’t a mystery – we all know about static and dynamic testing. It’s the scale at which web applications must be found, assessed for vulnerabilities and then remediated that makes this difficult for large enterprises. Think about it, 119 applications over the next 365 days means a new web application is deployed on an enterprise web property every 3 days. Is it any wonder that web application breaches keep happening?

Learn more about Veracode's cloud-based service:

About Jasmine Noel

At Veracode, Jasmine’s efforts are focused around market research, content development and sales enablement efforts. Previously, Jasmine was a founding partner of Ptak/Noel, an industry analyst and marketing consulting firm. Prior to that she also served as director of systems and applications management at Hurwitz Group, and senior analyst at D.H. Brown Associates. Jasmine holds a bachelor of science from the Massachusetts Institute of Technology and a master of science from the University of Southern California.

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.