“The more things change the more they stay the same” could be the application security motto for 2017. Last year featured breaches stemming from the same vulnerabilities that have been wreaking havoc for years. In fact, we saw SQL injection in about 30 percent of the apps we scanned in 2017 – a number that hasn’t budged much since 2011.
2017 also shone a harsh spotlight on the risk of open source component use, with several high-profile breaches originating with this type of code.
But 2017 also brought some reasons to be optimistic about the future of application security. We’ve seen awareness increasing, best practices emerging and many organizations moving the needle in reducing their application layer risk.
Veracode’s Director of Content and Corporate Communications Jessica Lavery recently sat down with Evan Schuman to take a look back at AppSec in 2017 and discuss where it’s headed in 2018.