Vulnerable Web Applications Make Web Developers an Easy Target - Even Behind a Firewall
August 03, 2017

Ferruh Mavituna
Netsparker

Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd.

The primary reason is not that their web server software is out of date, however. Instead, it is largely the result of developers running vulnerable web applications on their computers even when they are protected by a firewall, therefore jeopardizing a corporation's network and data.

While firewalls are essential for security and for protecting sensitive data, they are not a one-stop fix for vulnerable web applications. Unfortunately, many assume that security measures like firewalls are enough to prevent “bad actors” from getting inside a developer’s web browser.

The survey of US-based software developers, sampled from a broad cross-section of vertical markets, government entities and organization sizes, found:

■ 81 percent of respondents run their software on a web server

■ 89 percent claimed they keep their web server software up to date

■ 52 percent say they run vulnerable or still-in-development web applications on their server

■ 55 percent are running web apps in development on servers directly connected to the internet

■ 32 percent admitted to hardening the web applications on their test environment

These statistics should be no surprise to anyone. Yes, developers are patching their web servers, but they are still running vulnerable web applications, which is what makes them a target.

Fifty-two percent admit that they run vulnerable, half-developed web applications on their web server. That’s worrisome, especially since 55 percent claim that these same web applications can be connected directly to the internet.

The survey findings illustrate that enterprises must approach securing their digital assets holistically, covering value creation, testing and dissemination processes. Indeed, while much web security and broader IT risk management attention is paid to protecting web servers, the failure to address vulnerabilities in software development processes and practices poses as much risk, if not greater.

About the Survey: Propeller Insights conducted the recent survey of web developers for Netsparker from July 5-7, 2017.

Ferruh Mavituna is CEO of Netsparker Ltd.