
Ixia: Developers must improve security testing and nab those anomalies

19 Jul 2016

Web developers are not catching all security weaknesses before their apps go to market, allowing cyber criminals to exploit the apps, says a new study from Ixia.

The study found that while 93% of developers claim they test applications early and constantly throughout the development process, the sheer number of data breaches occurring on a regular basis indicates that their security testing isn't up to scratch, Ixia says.

In addition, 95% of developers indicated they ran at least five security and load tests during app development; however, only 56% believe security testing is the most important priority.

“Since only 56 per cent of developers agree that security testing is a top priority, it’s not surprising that 65 per cent of developers shipped product that had bugs or significant vulnerabilities, and 31 per cent said the product they shipped had significant vulnerabilities that required patching later in the development cycle,” says Stephen Urquhart, Ixia ANZ general manager.

The most worrying statistics show that 65% of developers admitted to deploying applications that were filled with bugs, and a further 31% admitted that applications with 'significant vulnerabilities' would need to be patched later during development.

“This raises a key question: why are there still so many vulnerabilities in apps that have been tested throughout the development cycle? The likely answer is that they aren’t using the most effective testing solutions. In fact, 39 per cent of developers do not use commercial testing tools for apps and security.

“This means that, even with the best intentions, these developers are unlikely to be able to test sufficiently to eliminate bugs and vulnerabilities. Developers must test across a wide range of conditions to track every single anomaly in a product’s code to capture issues and address them effectively,” Urquhart continues.

The survey gathered opinions from 363 developers about their security testing processes. Ixia recommends that developers use commercial tools in their security testing, choosing a solution that can find bugs, reduce costs and speed up the development process.

Read the report here.
