Enterprises around the world rely on web and mobile apps to do business, yet basic security assessments of these applications are not consistently done. In a study we commissioned through IDG, more than 300 IT managers from the US, UK and Germany were interviewed about their application security programs and processes. The results? Most enterprises aren't assessing for critical, commonly exploited vulnerabilities.
Web applications seem to be the largest category to suffer from this negative trend, even though they represent the majority of the world's developed applications.
Worse, enterprises across the US, UK and Germany leave 62 percent of all their web and mobile applications unaudited for critical vulnerabilities such as SQL injection and cross-site scripting.
The third of enterprises that did assess applications during development leveraged both binary static and dynamic analysis.
Of the enterprises currently using some form of analysis, most plan to expand their programs within the next 12 months.