Over 8500 Applications Analyzed for Vulnerabilities–Here’s What You Need to Know

Micro Focus Expert
Micro Focus Expert
0 0 2,607

The Software Security Research (SSR) team at Micro Focus Fortify has released their must read annual report on the state of application security. Part of the report covers our analysis of anonymized and sanitized vulnerability data collected by the Micro Focus Fortify on Demand (FoD) platform.  

The data analyzed in this report was collected between October 31, 2016 and October 30, 2017 and contained Web application data from more than 7,800 applications and more than 700 mobile applications. 

So before you get comfortable, grab a cold one and dig into the report, let’s cover a few of the key highlights! 

The likelihood of web applications found to be vulnerable per kingdom 

Figure 9 shows Security Features again topping the list, with 93% of the tested web applications having an issue of this type in 2017 vs. 91% in 2016. Except for the Errors kingdom, every other kingdom saw the number of vulnerabilities go up.


The likelihood of mobile applications found to be vulnerable per kingdom

Mobile applications showed a different trend than web applications. Vulnerability counts went down in most kingdoms except in Code Quality issues.


The 10 most commonly occurring vulnerabilities

Nine out of 10 vulnerability categories in Web applications are the same as last year but interestingly, among these top 10, only three categories are of critical or high severity. While the full report digs much deeper into what 10 categories were considered critical or high severity from 2017 vs 2016, what is alarming still, is the fact that 79% of all tested applications had at least one critical or high severity issue. 


As for the mobile applications, most common categories remain the same as in 2016. The two new categories this year in the top 10 are Insecure Transport: Weak SSL Protocol which went up by 10% to 50% in 2017 and Privacy Violation: HTTP GET which went up to 34% from 17% in 2016. 

And even more alarming than the web applications tested, 89% of tested mobile applications had at least one critical or high severity issue, which is up 23% from 2016! 


Now that your interest is piqued by these alarming statistics discovered from the 8500 applications evaluated by the Micro Focus Software Security Research team, do yourself a favor and go download the full Application Security Research Update 2018 that covers so much more!

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.