The first fact that arises from the study is that most of the big organizations interviewed currently have processes in place to test their web applications vulnerabilities. Most of them use penetration testing services, automated testing tools - mostly applications scanners or static code analyzers – or web application firewalls to secure their assets.
However, a majority of security managers are unsure of the current level of their application security state and do believe that a hacker could manage to exploit their applications.
Almost half do not have a clear view on the attacks currently performed against their organization.
One of the most interesting findings of this study is the gap between the efforts put into protecting applications and the actual state of the applications. While almost all organizations invest time, money and energy into protecting their infrastructure, using one or more types of service or technology, most applications remain vulnerable and are still being attacked.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.