Download this next:

Application security: Understanding its current state

This application security statistics report provides an analysis of the state of application security, brings to the forefront evolutionary trends, and highlights best practices that result in better application security over time.

The report also presents challenges and opportunities to secure the applications which are being produced and upgraded at an unprecedented pace. The key takeaways from this report include:

  • The number of serious application security vulnerabilities continues to increase
  • 85% of mobile apps violated one or more of the OWASP Mobile Top 10
  • Customers who embed security testing within their development process achieve significantly better application security outcomes

These are also closely related to: "Broken Access Controls"

  • BadUSB 2.0: Exploring USB man-in-the-middle attacks

    The uses and capabilities of rogue USB hardware implants in cyber espionage activities are still very much an unknown quantity. Security professionals would benefit from tools capable of exploring the threat landscape while increasing awareness and countermeasures.

    BadUSB 2.0 or BadUSB2 is an investigative tool capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation devices and earlier BadUSB hardware implants, thus providing an insight into how these attacks may be prevented.

    Furthermore, BadUSB2 is able to evaluate new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquire an interactive command shell over USB. 

  • Malware attacks in smart buildings – Research results

    Vulnerabilities in smart buildings are very dangerous because they open buildings up to the possibility of large-scale cyberattacks.

    These attacks can be devastating, and malware targeting smart buildings is an inevitable next step.

    To anticipate this threat, the OT Research Team at Forescout has conducted in-depth analysis and research of vulnerabilities and malware unique to BAS.

    Read on for the results found.

Find more content like what you just read:

  • The state of application security: A 2018 report

    Find out the state of application security in 2018 in this insightful research report from the Software Security Research team at Micro Focus Fortify.


  • The dangers of IoT botnets vs. traditional botnets

    Gartner estimates that there will be 20 billion connected devices by 2020. Access this resource to learn about the history of IoT botnets and how the rise of connected devices can bring about the rise of dangerous bot attacks.


  • Cross Site Scripting

    This paper explains how cross-site scripting (XSS) vulnerabilities give attackers the capability to inject client-side scripts into the application. Read on to learn how to prevent these vulnerabilities.


  • Container security according to the National Institute of Standards and Technology

    The NIST (National Institute of Standards and Technology) has released a container security guide to provide practical recommendations for addressing the specific security challenges of container environments. Click here to open the guide.


  • Understanding Your Open Source Risk

    Read this paper to learn how the increasing use of open source libraries brings an increase in vulnerabilities, and how Veracode can help prevent these vulnerabilities.


  • Sandnet++ – A framework for analysing and visualising network traffic from malware

    This article in our Royal Holloway Security Series looks at Sandnet++, a framework for analysing and visualising network traffic from malware.


  • Outsourcing the problem of software security

    This report from analyst group Quocirca assesses the benefits of using on-demand services to ensure security throughout the application life cycle.


  • E-Guide: Preventing and detecting security vulnerabilities in Web applications

    The extent of fundamental security flaws in most applications often requires a re-architecture, but there are some secondary measures information security teams can take to safeguard faulty applications. This expert tip maps out the steps security professionals should take to lock down their Web applications.


  • AppSec: What not to do

    Read on to learn the most common AppSec mistakes and the best practices that will lead your organization to success by avoiding those mistakes.


  • Securing Web Applications

    Attacks on web applications can circumvent your security and harm your business in myriad ways by creating unwanted downtime, reducing availability and responsiveness, and shattering trust with your customers when data confidentiality and integrity are compromised.


  • How to overcome IAM challenges virtually every organization faces

    In this e-book created exclusively for the RSA Conference, discover the most pressing IAM issues faced by virtually every organization and actionable, affordable and sustainable approaches to the IAM challenges you face.


  • Insecure Open Source Components

    Access this paper to learn about the risks of insecure open source components and how to prevent those vulnerabilities with application security tools that integrate with your IDE.


  • Essential Guide to Threat Management

    Our Expert Essential Guide to Threat Management explores the best ways to defend against modern threats and targeted attacks. Malicious insiders have placed a bull’s eye on your organization’s back, waiting to strike at just the right time.


  • DevSecOps delivers better business

    Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.


  • State of Software Security

    Veracode analyzed more than 700,000 application scans, representing more than 2 trillion lines of code. Access this paper for a snapshot of what the data shows about the state of software security today.


  • Web-facing applications: Security assessment tools and strategies

    Read this expert E-guide to find out how you can properly assess web application threats and the tools your organization can use for protection. Learn how to mitigate likely web application threats and how you can ensure your business is protected.


  • 10 cloud security trends to address this year

    As enterprise operations expand to multi-cloud environments, data protection tactics must also evolve to address the growing number of possible threats. In this white paper, learn how you can strengthen security by addressing the top 10 cloud security trends for 2019, today.


  • 23-page guide to achieving MySQL and MariaDB app consistency

    This guide outlines how to achieve app consistency of MySQL and MariaDB databases with Veeam Backup & Replication software. It includes instruction on scripts for hot and cold backup, guest recovery, and more. View it here.


  • 5 top attack vectors to protect against

    Recently, there has been an abundance of cyberattacks in the news involving popular companies, such as Uber and Equifax. Explore this resource to uncover how to protect against the top 5 attack vectors.


  • Developer's guide to OWASP

    Download this guide to learn how developers can enhance their secure coding skills and reduce application security risks by focusing on the OWASP top 10.


  • Learn more about the NERC CIP standards

    The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are a set of requirements designed to secure the assets required for operating North America's bulk electric system. In this e-book, learn how SilentDefense can help North American utilities by saving considerable effort and money.


  • How to fully secure apps from the inside out

    To protect against threats to JavaScript apps, organizations need more than just WAFs; they need a way to secure apps from the inside out, starting with code. Download this white paper to learn about a multilayered approach that can help protect your apps before it's too late.


  • 7 common security mistakes when migrating to the cloud

    The speed of cloud migration is outpacing the speed of security team expansion. How do you keep up? Read on to learn how to prevent such a security regression when migrating to the cloud.


  • Identity management 101 – everything you need to know

    Learn how you can reap the benefits of an identity management platform, today.


  • Container security: A review of platforms at risk

    This report describes the risks and threats that can be created by deploying workloads in the public cloud without proper security. Read on to learn about platforms discovered such as Kubernetes, Docker Swarm, Red Hat OpenShift, and more.


  • AWS security best practices, a definitive guide

    Cyberattacks on the cloud can be devastating to businesses that rely heavily on daily use of cloud applications. In this thorough resource, explore everything from common cloud security challenges to AWS best practices and cloud access security brokers (CASBs).


  • IT in Europe: Taking control of smartphones: Are MDMs up to the task?

    In this Special European edition of Information Security magazine, gain key insight into the increasing risks of mobile devices and the strategies and tools needed to mitigate them. View now to also explore VDI security, cybersecurity threats, IT consumerization deluge, and much more.


  • October Essentials Guide on Mobile Device Security

    The October issue of Information Security offers advice on controlling the onslaught of employee-owned devices in your workplace, mitigating the risks of mobile applications, and changing your thought process when it comes to securing the consumerization of IT.


  • Information Security Essential Guide: Strategies for Tackling BYOD

    Let this e-book from our independent experts be your guide to all things related to mobile security in the face of the BYOD trend. Inside, you'll get helpful insight that will help you understand the ins and outs of mobile device management technologies, how to tackle the problem of mobile application security, and much more.


  • Explore highlights from Rapid7's 2018 Q4 report

    This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. The report provides an assessment of threat events by organization size and industry, and examines threat incident patterns. Download the report to explore highlights from the 2018 Q4 report.


  • 85-page eBook on container and Kubernetes security

    Keep your organization free of container and Kubernetes threats before they're able to hit you. Download this 85-page whitepaper on container and Kubernetes security to learn what changes you can make today to keep your data safe.


  • Top 5 attack vectors

    This white paper walks through the top 5 security attacks, providing insights into tactics, techniques and procedures commonly used by threat actors. Then, find out how a managed detection and response strategy can take your security protocols to the next level and protect your organization.


  • Our network abstraction is your salvation

    Find out how to spin up highly secure, performant app-specific networks or "AppWANs" that are designed to help you extend traditional networks to the cloud, pave the way for IoT adoption, work within a DevOps paradigm, and more.


  • Explore a table of NIST SP's security controls applicable to ICS networks

    NIST Special Publication (SP) 800-53r4 provides a catalog of security controls for federal information systems and organizations and a process for selecting controls to protect operations and organizations. In this resource, explore the provided table which presents NIST SP's security controls applicable to ICS networks.


  • Best practices to defend against top security threats

    Security teams and the organizations they support live in difficult times: they increasingly are the targets of sophisticated threats. In this white paper, learn about the top concerns of decision makers, the growing success of cyberthreats, security's need to improve and best practices to consider.


  • e-Guide: Evolving IT security threats: Inside Web-based, social engineering attacks

    Defending IT infrastructure involves understanding attack methods that are effective today. This expert e-guide highlights several characteristics of modern computer security threats to keep in mind as you assess and improve your information security program, and provides recommendations for dealing with them.


  • 4 threats to Kubernetes orchestration platform

    For those who use the open-source capabilities of Kubernetes security, there are 4 types of threats that you should know about. In this resource, explore a discussion of threat models, various security considerations and best practices for optimizing your Kubernetes deployment.


  • 10 ways to minimize container security risks

    In this resource, find out the ten key things DevOps should keep in mind when developing and securing containerized applications to minimize the risk posed by loose vulnerabilities.


  • E-Guide: How to Combat the Latest Cybersecurity Threats

    It takes a great deal of time and money to fine-tune IT security in response to evolving IT security threats and attack tactics. This expert e-guide provides an in-depth overview of modern computer security threats and offers technical advice on how to deal with them.


  • E-Guide: New Malware Threats Require New Antimalware Protection Strategy

    This expert e-guide examines emerging threats and malware that are targeting smartphones, mobile apps, social media, and cloud services. Inside, discover essential strategies and best practices for mitigating these risks and ensuring enterprise security.


  • Cyber security costs expected to reach an all-time high

    Enter this whitepaper to learn about the security aspects that go into developing and operating digital, cloud-based remote monitoring platforms built to keep data private and infrastructure systems secure from attackers.


  • Why 2019 is the year of malware everywhere

    If 2018 was the year of mobile malware, 2019 is the year of everywhere malware. Download this report to learn about a few simple steps that you can take to drastically improve your own security and that of the devices that surround you.


  • Application Security Handbook: Application Security: Managing Software Threats

    Check out this expert e-book from the editorial team at to read the following three articles designed to help you address your application security before it's threatened: 'Ten Ways to Build in Security From the Start', 'Secure Your Mobile Apps in Enterprise Integration', and 'How to Boost Your Application Security Savvy'.


  • 5 Principles for Securing DevOps

    Read this paper to learn how DevOps is transforming the way the world creates software and how following five principles will get your organization on the right path to securing code at DevOps speed.


  • Discover the most successful types of cyberattacks from 2018

    As technology continues to advance, cybercriminals are leveraging new capabilities into more sophisticated cyberattacks. PandaLabs, Panda Security's anti-malware laboratory, tracks threat data in real time and has compiled it into a report. Download the report for highlights of 2018's cybersecurity trends, as well as emerging threats for 2019.


  • Why your SSO should be cloud and mobile capable

    The best Single Sign-On today can handle the applications mobile workers use, identity as a service and more. In this guide, learn how you can make SSO and other identity management approaches more effective.


  • The state of ransomware, cryptocurrency, spam and more

    Find out the deep, dark truth behind the underground hacker economy in the 2018 State of Cybercrime report.