Download this next:

Application security: Understanding its current state

This application security statistics report provides an analysis of the state of application security, brings to the forefront evolutionary trends, and highlights best practices that result in better application security over time.

The report also presents challenges and opportunities to secure the applications which are being produced and upgraded at an unprecedented pace. The key takeaways from this report include:

  • The number of serious application security vulnerabilities continues to increase
  • 85% of mobile apps violated one or more of the OWASP Mobile Top 10
  • Customers who embed security testing within their development process achieve significantly better application security outcomes.

These are also closely related to: "Broken Access Controls"

  • BadUSB 2.0: Exploring USB man-in-the-middle attacks

    The uses and capabilities of rogue USB hardware implants in cyber espionage activities are still very much an unknown quantity. Security professionals would benefit from tools capable of exploring the threat landscape while increasing awareness and countermeasures.

    BadUSB 2.0 or BadUSB2 is an investigative tool capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation devices and earlier BadUSB hardware implants, thus providing an insight into how these attacks may be prevented.

    Furthermore, BadUSB2 is able to evaluate new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquire an interactive command shell over USB. 

  • Malware attacks in smart buildings – Research results

    Vulnerabilities in smart buildings are very dangerous because they open buildings up to the possibility of large-scale cyberattacks.

    These attacks can be devastating, and malware targeting smart buildings is an inevitable next step.

    To anticipate this threat, the OT Research Team at Forescout has conducted in-depth analysis and research of vulnerabilities and malware unique to BAS.

    Read on for the results found.

Find more content like what you just read:

  • Secure coding best practices for developers

    Access this whitepaper to learn some of the best steps you can take today to have more secure coding practices, and the many risks you'll be able to address.


  • The state of application security: A 2018 report

    Find out the state of application security in 2018 in this insightful research report from the Software Security Research team at Micro Focus Fortify.


  • The dangers of IoT botnets vs. traditional botnets

    Gartner estimates that there will be 20 billion connected devices by 2020. Access this resource to learn about the history of IoT botnets and how the rise of connected devices can bring about the rise of dangerous bot attacks.


  • Hitachi ID Privileged Access Manager: Everything you need to know

    In this resource, discover all of the key benefits and capabilities of Hitachi ID's Privileged Access Manager.


  • Cross Site Scripting

    This paper explains how cross-site scripting (XSS) vulnerabilities give attackers the capability to inject client-side scripts into the application. Read on to learn how to prevent these vulnerabilities.


  • Why this development team shifted from reactive to proactive AppSec

    Establishing trust in your product's security is just as important as its overall quality in the eye of the user -- a fact almost all developers are familiar with. That's why many development teams are making a shift from reactive to proactive application security models. Keep reading to find out why, illustrated by a real world story.


  • Reduce security flaw resolution time by 90%

    Check out this ROI analysis of Veracode's application security platform to find out just how much more secure your apps could be, and how you can reduce security flaw resolution time by 90%.


  • Understanding Your Open Source Risk

    Read this paper to learn how the increasing use of open source libraries brings an increase in vulnerabilities, and how Veracode can help prevent these vulnerabilities.


  • Sandnet++ – A framework for analysing and visualising network traffic from malware

    This article in our Royal Holloway Security Series looks at Sandnet++, a framework for analysing and visualising network traffic from malware.


  • Outsourcing the problem of software security

    This report from analyst group Quocirca assesses the benefits of using on-demand services to ensure security throughout the application life cycle.


  • 3 critical steps for effective application security

    To make application security truly effective at reducing the risk of a damaging breach, there are three critical steps beyond scanning to help develop more secure code. Explore those three critical steps in this whitepaper.


  • AppSec: What not to do

    Read on to learn the most common AppSec mistakes and the best practices that will lead your organization to success by avoiding those mistakes.


  • E-Guide: Preventing and detecting security vulnerabilities in Web applications

    The extent of fundamental security flaws in most applications often requires a re-architecture, but there are some secondary measures information security teams can take to safeguard faulty applications. This expert tip maps out the steps security professionals should take to lock down their Web applications.


  • Securing Web Applications

    Attacks on web applications can circumvent your security and harm your business in myriad ways by creating unwanted downtime, reducing availability and responsiveness, and shattering trust with your customers when data confidentiality and integrity are compromised.


  • How to overcome IAM challenges virtually every organization faces

    In this e-book created exclusively for the RSA Conference, discover the most pressing IAM issues faced by virtually every organization and actionable, affordable and sustainable approaches to the IAM challenges you face.


  • Insecure Open Source Components

    Access this paper to learn about the risks of insecure open source components and how to prevent those vulnerabilities with application security tools that integrate with your IDE.


  • Preparing for the new OWASP: Top 10 and beyond

    Web app security is difficult and firewalls are not going to be enough. OWASP has released a list of the 10 most common security concerns you need to address for your web apps. Access this e-book to learn about each of these 10 key web app security concerns and how you can mitigate them.


  • Essential Guide to Threat Management

    Our Expert Essential Guide to Threat Management explores the best ways to defend against modern threats and targeted attacks. Malicious insiders have placed a bull’s eye on your organization’s back, waiting to strike at just the right time.


  • DevSecOps delivers better business

    Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.


  • State of Software Security

    Veracode analyzed more than 700,000 application scans, representing more than 2 trillion lines of code. Access this paper for a snapshot of what the data shows about the state of software security today.


  • Web-facing applications: Security assessment tools and strategies

    Read this expert E-guide to find out how you can properly assess web application threats and the tools your organization can use for protection. Learn how to mitigate likely web application threats and how you can ensure your business is protected.


  • Prevent automated threats with the right application security strategy

    New methods are needed to effectively automate the mitigation of fast-evolving threats. Read this white paper to learn about application security strategies that focus on preventing automated threats, which can help you make operational improvements and lower operating costs.


  • Developer's guide to OWASP

    Download this guide to learn how developers can enhance their secure coding skills and reduce application security risks by focusing on the OWASP top 10.


  • Learn more about the NERC CIP standards

    The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are a set of requirements designed to secure the assets required for operating North America's bulk electric system. In this e-book, learn how SilentDefense can help North-American utilities by saving considerable effort and money.


  • 7 common security mistakes when migrating to the cloud

    The speed of cloud migration is outpacing the speed of security team expansion. How do you keep up? Read on to learn how to prevent such a security regression when migrating to the cloud.


  • Incident response: Key trends and recommendations

    In this report, discover how the CrowdStrike Falcon can deliver the visibility and operational expertise necessary to stop breaches before adversaries can take control of your entire network, as well as stories from the front lines of incident response in 2018 and insights that matter for 2019.


  • Identity management 101 – everything you need to know

    Learn how you can reap the benefits of an identity management platform, today.


  • Container security: A review of platforms at risk

    This report describes the risks and threats that can be created by deploying workloads in the public cloud without proper security. Read on to learn about platforms discovered such as Kubernetes, Docker Swarm, Red Hat OpenShift, and more.


  • AWS security best practices, a definitive guide

    Cyberattacks on the cloud can be devastating to businesses that rely heavily on daily use of cloud applications. In this thorough resource, explore everything from common cloud security challenges to AWS best practices and cloud access security brokers (CASBs).


  • IT in Europe: Taking control of smartphones: Are MDMs up to the task?

    In this Special European edition of Information Security magazine, gain key insight into the increasing risks of mobile devices and the strategies and tools needed to mitigate them. View now to also explore VDI security, cybersecurity threats, IT consumerization deluge, and much more.


  • October Essentials Guide on Mobile Device Security

    The October issue of Information Security offers advice on controlling the onslaught of employee-owned devices in your workplace, mitigating the risks of mobile applications, and changing your thought process when it comes to securing the consumerization of IT.


  • Information Security Essential Guide: Strategies for Tackling BYOD

    Let this e-book from our independent experts be your guide to all things related to mobile security in the face of the BYOD trend. Inside, you'll get helpful insight that will help you understand the ins and outs of mobile device management technologies, how to tackle the problem of mobile application security, and much more.


  • Step-by-step guide to increasing the power of Salesforce CRM

    In this white paper, learn how to power your business with second-by-second information, and drive immediate action through integrating your Salesforce CRM with SurveyGizmo. Explore the benefits of a SurveyGizmo and Salesforce partnership, and get the insight you need to execute your next installation with confidence.


  • Explore highlights from Rapid7's 2018 Q4 report

    This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. The report provides an assessment of threat events by organization size and industry, and examines threat incident patterns. Download the report to explore highlights from the 2018 Q4 report.


  • 85-page eBook on container and Kubernetes security

    Keep your organization free of container and Kubernetes threats before they're able to hit you. Download this 85-page whitepaper on container and Kubernetes security to learn what changes you can make today to keep your data safe.


  • How to prevent fileless attacks

    According to CrowdStrike, 8 out of 10 attack vectors that resulted in a successful breach used fileless attack techniques. Access this white paper to learn how fileless attacks work and why traditional techniques fail to protect your organization.


  • Our network abstraction is your salvation

    Find out how to spin up highly secure, performant app-specific networks or "AppWANs" that are designed to help you extend traditional networks to the cloud, pave the way for IoT adoption, work within a DevOps paradigm, and more.


  • Threat intelligence report 2019: Attack trends to know about

    The global cyberthreat landscape continues to evolve, unleashing increasingly sophisticated and persistent attack techniques at internet scale. In this NETSCOUT Threat Intelligence report, explore key findings.


  • Don't fall victim to data hacks like LinkedIn, Uber and Equifax

    Companies such as LinkedIn, Uber and Equifax have all been victims of significant data hacks. In this white paper, uncover some basics of how breaches happen and where data travels when they do, as well as how you can strengthen security protocols to prevent breaches in the future.


  • Explore a table of NIST SP's security controls applicable to ICS networks

    NIST Special Publication (SP) 800-53r4 provides a catalog of security controls for federal information systems and organizations and a process for selecting controls to protect operations and organizations. In this resource, explore the provided table which presents NIST SP's security controls applicable to ICS networks.


  • Best practices to defend against top security threats

    Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats. In this white paper, learn about the top concerns of decision makers, the growing success of cyberthreats, security's need to improve and best practices to consider.


  • Cloud access security broker: Explore the benefits

    In this research report, explore key takeaways from an in-depth survey conducted by Osterman Research. This survey asked 174 decision-makers at companies that already have, or are in the process of deploying, cloud access security broker software about their experiences.


  • Best practices for securing privileged access

    Download this white paper to learn more about the best practices for processes, policies and technology used to secure access to privileged accounts and other elevated privileges.


  • e-Guide: Evolving IT security threats: Inside Web-based, social engineering attacks

    Defending IT infrastructure involves understanding attack methods that are effective today. This expert e-guide highlights several characteristics of modern computer security threats to keep in mind as you assess and improve your information security program, and provides recommendations for dealing with them.


  • 5 Principles for Securing DevOps

    Read this paper to learn how DevOps is transforming the way the world creates software and how following five principles will get your organization on the right path to securing code at DevOps speed.


  • E-Guide: How to Combat the Latest Cybersecurity Threats

    It takes a great deal of time and money to fine-tune IT security in response to evolving IT security threats and attack tactics. This expert e-guide provides an in-depth overview of modern computer security threats and offers technical advice on how to deal with them.


  • Cloud security: Emerging challenges and risks

    The Oracle and KPMG Cloud Threat Report 2019 examines emerging cybersecurity challenges and risks that businesses are facing as they embrace cloud services at an accelerating pace. Read on for important insights and recommendations on how to approach the real security risks that the cloud can present.