
Ixia: Developers must improve security testing and nab those anomalies

19 Jul 16

Web developers are not catching all security weaknesses before their apps go to market, allowing cyber criminals to exploit the apps, says a new study from Ixia.

The study found that while 93% of developers claim they test applications early and constantly through the development process, the sheer number of data breaches occurring on a regular basis indicates that their security testing isn't up to scratch, Ixia says.

In addition, 95% of developers indicated they ran at least five security and load tests during app development; however, only 56% believe security testing is the most important priority.

“Since only 56 per cent of developers agree that security testing is a top priority, it’s not surprising that 65 per cent of developers shipped product that had bugs or significant vulnerabilities, and 31 per cent said the product they shipped had significant vulnerabilities that required patching later in the development cycle,” says Stephen Urquhart, Ixia ANZ general manager.

The most worrying statistics show that 65% of developers admitted to deploying applications that were filled with bugs, and a further 31% admitted that applications with 'significant vulnerabilities' would need to be patched later during development.

“This raises a key question: why are there still so many vulnerabilities in apps that have been tested throughout the development cycle? The likely answer is that they aren’t using the most effective testing solutions. In fact, 39 per cent of developers do not use commercial testing tools for apps and security.

“This means that, even with the best intentions, these developers are unlikely to be able to test sufficiently to eliminate bugs and vulnerabilities. Developers must test across a wide range of conditions to track every single anomaly in a product’s code to capture issues and address them effectively,” Urquhart continues.

The survey gathered opinions from 363 developers about their security testing processes. Ixia recommends that developers use commercial tools in their security testing, choosing a solution that can find bugs, reduce costs and speed up the development process.

Read the report here.
