Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    IT Industry Falls Behind in Web Application Security

    By
    Robert Lemos
    -
    June 8, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Web application security

      The fast pace of innovation by the information technology industry has seemingly left businesses in that industry behind in the race to secure their Web applications, according to the annual WhiteHat Security Web Applications Security Statistics Report released on June 7.

      As an industry, IT firms came in dead last in measures of security—and first in measures of vulnerability—based on scans of their Web applications by WhiteHat. The average IT Web application, for example, had 32 vulnerabilities, compared with 28 vulnerabilities in Web apps produced by educational organizations or 23 vulnerabilities in retail Web applications. In addition, the average age of a Web application vulnerability topped 875 days for the IT industry, nearly twice the age of the second worst performer, the education sector, according to the report.

      The IT industry’s rate of production of Web apps is much higher compared with other industries, and that could significantly contribute to the greater security weaknesses of the industry, Setu Kulkarni, vice president of product management for WhiteHat Security, told eWEEK.

      “In IT, we see rapid change,” he said. “They are the folks who are knowledgeable about producing a lot of these applications. As you are on the leading edge of technology, you are adopting the latest and greatest framework and open-source software, for example.”

      Even though the report serves notice to startups and businesses hawking the latest online service or product, other industries are not off the hook.

      While 60 percent of IT industry Web applications are vulnerable 365 days a year, more than half of applications produced by the retail, manufacturing, and food-and-beverage industries are always vulnerable as well, according to the report.

      All four of those industries also take more than 200 days to fix a Web application vulnerability on average, the report stated.

      Part of the problem is that companies are producing far more applications now, and more quickly. WhiteHat clients have submitted more than 30 percent more applications to be tested this year than in previous years, the company said.

      “Software that used to take years to develop now, with technology trends [such as] cloud, Agile and DevOps, people are releasing code to production … in weeks,” Kulkarni said. “The sheer number of applications has, I think, gone out of control.”

      Yet, developers and operations personnel knowledgeable about application security need to work more closely with developers. Vulnerability checks should be integrated into the development cycle and priorities should be based on risk, not which vulnerabilities are easiest to fix, Kulkarni said.

      “The day that developers themselves have access to the vulnerability data, that the list is put in front of them, then remediation rate may go up,” he said.

      Working security into development is also important because the earlier that vulnerabilities are fixed, the less costly they are, he said.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×