The Software Security Research (SSR) team at Micro Focus Fortify has released their must read annual report on the state of application security. Part of the report covers our analysis of anonymized and sanitized vulnerability data collected by the Micro Focus Fortify on Demand (FoD) platform.
The data analyzed in this report was collected between October 31, 2016 and October 30, 2017 and contained Web application data from more than 7,800 applications and more than 700 mobile applications.
So before you get comfortable, grab a cold one and dig into the report, let’s cover a few of the key highlights!
The likelihood of web applications found to be vulnerable per kingdom
Figure 9 shows Security Features again topping the list, with 93% of the tested web applications having an issue of this type in 2017 vs. 91% in 2016. Except for the Errors kingdom, every other kingdom saw the number of vulnerabilities go up.
The likelihood of mobile applications found to be vulnerable per kingdom
Mobile applications showed a different trend than web applications. Vulnerability counts went down in most kingdoms except in Code Quality issues.
The 10 most commonly occurring vulnerabilities
Nine out of 10 vulnerability categories in Web applications are the same as last year but interestingly, among these top 10, only three categories are of critical or high severity. While the full report digs much deeper into what 10 categories were considered critical or high severity from 2017 vs 2016, what is alarming still, is the fact that 79% of all tested applications had at least one critical or high severity issue.
As for the mobile applications, most common categories remain the same as in 2016. The two new categories this year in the top 10 are Insecure Transport: Weak SSL Protocol which went up by 10% to 50% in 2017 and Privacy Violation: HTTP GET which went up to 34% from 17% in 2016.
And even more alarming than the web applications tested, 89% of tested mobile applications had at least one critical or high severity issue, which is up 23% from 2016!
Now that your interest is piqued by these alarming statistics discovered from the 8500 applications evaluated by the Micro Focus Software Security Research team, do yourself a favor and go download the full Application Security Research Update 2018 that covers so much more!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.