
Ixia: Developers must improve security testing and nab those anomalies

19 Jul 2016

Web developers are not catching all security weaknesses before their apps go to market, allowing cyber criminals to exploit the apps, says a new study from Ixia.

The study found that 93% of developers claim they test applications early and constantly through the development process; however, the sheer number of data breaches on a regular basis indicates that their security testing isn't up to scratch, Ixia says.

In addition, 95% of developers indicated they ran at least five security and load tests during app development; however, only 56% believe it is the most important priority.

“Since only 56 per cent of developers agree that security testing is a top priority, it’s not surprising that 65 per cent of developers shipped product that had bugs or significant vulnerabilities, and 31 per cent said the product they shipped had significant vulnerabilities that required patching later in the development cycle,” says Stephen Urquhart, Ixia ANZ general manager.

The most worrying statistics show that 65% of developers admitted to deploying applications that were filled with bugs, and a further 31% admitted that applications with 'significant vulnerabilities' would need to be patched later during development.

“This raises a key question: why are there still so many vulnerabilities in apps that have been tested throughout the development cycle? The likely answer is that they aren’t using the most effective testing solutions. In fact, 39 per cent of developers do not use commercial testing tools for apps and security.

“This means that, even with the best intentions, these developers are unlikely to be able to test sufficiently to eliminate bugs and vulnerabilities. Developers must test across a wide range of conditions to track every single anomaly in a product’s code to capture issues and address them effectively,” Urquhart continues.

The survey gathered opinions from 363 developers about their security testing processes. Ixia recommends that developers use commercial tools in their security testing, choosing a solution that can find bugs, reduce costs and speed up the development process.

Read the report here.
