Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd.
The primary reason is not that their web server software is out of date, however. Instead, it is largely the result of developers running vulnerable web applications on their computers even when they are protected by a firewall, thereby jeopardizing a corporation's network and data.
While firewalls are essential for security and protecting sensitive data, they are not a one-fix solution for vulnerable web applications. Unfortunately, many assume that security measures like firewalls are enough to prevent “bad actors” from getting inside a developer’s web browser.
The survey of US-based software developers, sampled from a broad cross-section of vertical markets, government entities and organization sizes, found:
■ 81 percent of respondents run their software on a web server
■ 89 percent claimed they keep their web server software up to date
■ 52 percent say they run vulnerable/undeveloped web applications on their server
■ 55 percent are running web apps in development on servers directly connected to the internet
■ 32 percent admitted to hardening the web applications on their test environment
These statistics should be no surprise to anyone. Yes, developers are patching their web servers, but they are still running vulnerable web applications, which is what makes them a target.
Fifty-two percent admit that they run vulnerable, half-developed web applications on their web server. That’s worrisome, especially since 55 percent claim that these same web applications can be connected directly to the internet.
The survey findings illustrate the reality that enterprises approach securing their digital assets holistically, focusing on value creation, testing and dissemination processes. Indeed, while much web security and broader IT risk management attention is paid to the protection of web servers, the failure to address vulnerabilities in software development processes and practices poses as much risk, if not more.
About the Survey: Propeller Insights conducted the recent survey of web developers for Netsparker from July 5-7, 2017.