2018 WhiteHat Application Security Statistics Report Is a Call to Arms for DevOps Teams


A recent report on application security gives alarming insight into the state of app security and DevOps.


Today, we released the results of our newest threat research, compiled in the 2018 Application Security Statistics report, “The Evolution of the Secure Software Lifecycle.” The research shows that serious vulnerabilities continue to increase across all major industries. Enterprises are also still struggling with long windows of exposure to these vulnerabilities and long times to fix, which has driven security risk levels up compared with last year’s report.

As in prior years, the 2018 Stats report tracked the following critical metrics, which together determine the overall state of application security:

  • Window of Exposure: 33 percent increase from last year
  • Remediation Rate: same as last year
  • Time to Fix: 2 percent increase from last year
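The report states these three metrics only as year-over-year deltas. To make them concrete, here is an added example (not code from the report or from WhiteHat) that computes all three from a constructed set of scan findings. The definitions are assumptions in the spirit of how such reports use the terms: window of exposure is the number of days in the reporting year during which an application had at least one serious (critical or high) vulnerability open, counting overlapping findings only once; remediation rate is the share of serious findings that were closed; time to fix is the mean number of days from a serious finding being opened to being closed. The app names, vulnerability classes and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Reporting year 2017, as a half-open interval [start, end).
YEAR_START = date(2017, 1, 1)
YEAR_END_EXCLUSIVE = date(2018, 1, 1)

# Assumption: "serious" means critical or high severity.
SERIOUS = {"critical", "high"}


@dataclass(frozen=True)
class Finding:
    app: str
    vuln_class: str
    severity: str            # "critical", "high", "medium" or "low"
    opened: date             # day the finding was first reported (inclusive)
    closed: Optional[date]   # day it was verified fixed (exclusive); None if still open


# Constructed sample data, not real scan results.
FINDINGS = [
    Finding("store", "cross-site scripting", "high", date(2017, 1, 10), date(2017, 2, 9)),
    Finding("store", "information leakage", "medium", date(2017, 3, 1), None),
    Finding("store", "cross-site scripting", "high", date(2017, 6, 1), date(2017, 6, 11)),
    # Opened before the reporting year; only the part inside the year counts.
    Finding("api", "insufficient transport layer protection", "critical",
            date(2016, 11, 15), date(2017, 4, 14)),
    # Never fixed: keeps the "api" app exposed for the rest of the year.
    Finding("api", "content spoofing", "high", date(2017, 4, 1), None),
    Finding("portal", "cross-site scripting", "high", date(2017, 8, 1), date(2017, 8, 21)),
]


def _serious(findings):
    return [f for f in findings if f.severity in SERIOUS]


def _clipped_interval(f, start, end_exclusive):
    """Days the finding was open inside [start, end_exclusive), or None if none."""
    lo = max(f.opened, start)
    hi = min(f.closed or end_exclusive, end_exclusive)
    return (lo, hi) if lo < hi else None


def window_of_exposure(findings, app, start=YEAR_START, end_exclusive=YEAR_END_EXCLUSIVE):
    """Number of days in the period on which `app` had >= 1 serious finding open.

    Overlapping findings are merged so a day is never counted twice.
    """
    intervals = []
    for f in _serious(findings):
        if f.app == app:
            iv = _clipped_interval(f, start, end_exclusive)
            if iv:
                intervals.append(iv)
    intervals.sort()
    days, cur_lo, cur_hi = 0, None, None
    for lo, hi in intervals:
        if cur_hi is None or lo > cur_hi:        # disjoint from the merged run so far
            if cur_hi is not None:
                days += (cur_hi - cur_lo).days
            cur_lo, cur_hi = lo, hi
        else:                                    # overlaps or touches: extend the run
            cur_hi = max(cur_hi, hi)
    if cur_hi is not None:
        days += (cur_hi - cur_lo).days
    return days


def remediation_rate(findings):
    """Fraction of serious findings that have been closed."""
    serious = _serious(findings)
    return sum(f.closed is not None for f in serious) / len(serious) if serious else 0.0


def time_to_fix(findings):
    """Mean days from opened to closed over closed serious findings."""
    durations = [(f.closed - f.opened).days for f in _serious(findings) if f.closed]
    return sum(durations) / len(durations) if durations else 0.0


def share_exposed_all_year(findings, start=YEAR_START, end_exclusive=YEAR_END_EXCLUSIVE):
    """Fraction of apps with a serious finding open on every day of the period."""
    apps = sorted({f.app for f in findings})
    full = (end_exclusive - start).days
    return sum(window_of_exposure(findings, a, start, end_exclusive) == full for a in apps) / len(apps)


if __name__ == "__main__":
    for app in sorted({f.app for f in FINDINGS}):
        print(f"{app:8s} window of exposure: {window_of_exposure(FINDINGS, app)} days")
    print(f"remediation rate: {remediation_rate(FINDINGS):.0%}")
    print(f"time to fix: {time_to_fix(FINDINGS):.1f} days")
    print(f"apps exposed all year: {share_exposed_all_year(FINDINGS):.0%}")
```

The merge step is the part that matters in practice: two findings open at the same time must not double-count exposure days, and a finding opened before the reporting period still contributes the days that fall inside it. With the sample data above, the "api" app is exposed for all 365 days even though its original critical finding was fixed in April, because the content spoofing finding opened on April 1 was never closed.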

Overall, these metrics indicate a worsening state of application security. Surprisingly, the skill and resource gap has widened even as applications have become more critical to running a business and the volume and complexity of attacks keep growing. The net result is that applications today represent a rapidly growing business risk.

Industries like finance, healthcare, and retail showed some improvements from last year, but at the macro level our stats report identified security trends that continue to pose challenges to both traditional and modern applications.

The top vulnerabilities for 2017 remained the same, which means that attackers have it easy: they do not have to learn new tricks. Common vulnerability classes such as cross-site scripting, information leakage, content spoofing, and insufficient transport layer protection continue to appear frequently, and dangerous attacks against them are easy to carry out. Furthermore, more than 60 percent of applications had at least one serious and exploitable vulnerability open throughout the year, meaning the doors to easy exploits were wide open.

WhiteHat Security also tracks modern application development trends, specifically open-source usage and microservice architectures. Our findings revealed that as enterprises increase their reliance on applications, they still fail to build application security into the software development lifecycle. The research also confirmed that microservice-based applications carry more vulnerabilities on average than traditional applications. Nearly 70 percent of the typical application consists of reusable software components (e.g., third-party libraries and open-source software), because reuse quickly and easily adds value to offerings. But that also means applications “inherit” whatever vulnerabilities those components contain. However, when DevSecOps is done the right way, remediation rates and time to fix improved for microservices-based applications.

The bottom line is that while development innovations have become table stakes, they also present challenges. Thanks to our strategic partners NowSecure and Coalfire, we were able to identify even more trends and insights into the state of application security.

These challenges present great opportunities to continue finding innovative ways to secure business applications. The picture is still mixed, but we are encouraged by signs of great progress. For example, when organizations embed security into the DevOps process, they typically see a 50 percent drop in production vulnerabilities, and their time to fix improves by 25 percent. That is significant!

Read the full report here. Watch the video on YouTube.
