A recent study by Quotium highlighted some interesting findings as they researched application security from a security manager’s point of view. While 51% of security managers believe their applications have vulnerabilities, 48% of them can’t tell how frequently their applications are attacked.
The study received responses from over 500 CISOs, Information Security Directors and Information Security Officers. The conclusion is that even for those responsible for managing the security of their company’s applications, it has become impossible to secure those applications, even though over 90% of them are using tools to mitigate those threats.
This opens the question of ‘What tools are they using?’ and ‘Are they using them properly?’ With the application layer becoming the major target for hackers, our contention is that the application development process must build in security as part of that process. Penetration testing and scanning at the end of the cycle is too late.