Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).
Vulnerable Web Applications Make Web Developers an Easy Target - Even Behind a Firewall
August 03, 2017
Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd.
The primary reason is not that their web server software is out of date, however. Instead, it is largely the result of developers running vulnerable web applications on their computers even when they are protected by a firewall, therefore jeopardizing a corporation's network and data.
While firewalls are essential for security and protecting sensitive data, they are not a one-fix solution for vulnerable web applications. Unfortunately, many assume that security measures like firewalls are enough to prevent “bad actors” from getting inside a developer’s web browser.
The survey of US-based software developers, sampled from a broad cross-section of vertical markets, government entities and organization sizes, found:
■ 81 percent of respondents run their software on a web server
■ 89 percent claimed they keep their web server software up to date
■ 52 percent say they run vulnerable/undeveloped web applications on their server
■ 55 percent are running web apps in development on servers directly connected to the internet
■ 32 percent admitted to hardening the web applications on their test environment
These statistics should be no surprise to anyone. Yes, developers are patching their web servers, but they are still running vulnerable web applications, which is what makes them a target.
Fifty-two percent admit that they run vulnerable half-developed web applications on their web server. That’s worrisome, especially since 55 percent claim that these same web applications can be connected directly to the internet.
The survey findings illustrate the reality that enterprises approach securing their digital assets based on a holistic approach focusing on value creation, testing and dissemination processes. Indeed, while much web security and broader IT risk management attention is paid to the protection of the web servers, the failure to address vulnerabilities in software development processes and practices poses as much, if not greater, risks.
About the Survey: Propeller Insights conducted the recent survey of web developers for Netsparker from July 5-7, 2017.
Industry News
September 20, 2023
September 20, 2023
Sonar announced zero-configuration, automatic analysis for programming languages C and C++ within SonarCloud.
September 20, 2023
DataStax announced a new JSON API for Astra DB – the database-as-a-service built on the open source Apache Cassandra® – delivering on one of the most highly requested user features, and providing a seamless experience for Javascript developers building AI applications.
September 19, 2023
Mirantis launched Lens AppIQ, available directly in Lens Desktop and as (Software as a Service) SaaS.
September 19, 2023
Buildkite announced the company has entered into a definitive agreement to acquire Packagecloud, a cloud-based software package management platform, in an all stock deal.
September 19, 2023
CrowdStrike has agreed to acquire Bionic, a provider of Application Security Posture Management (ASPM).
September 18, 2023
Perforce Software announces BlazeMeter's Test Data Pro, the latest addition to its continuous testing platform.
September 18, 2023
CloudBees announced a new cloud native DevSecOps platform that places platform engineers and developer experience front and center.
September 18, 2023
Akuity announced a new open source tool, Kargo, to implement change promotions across many application life cycle stages using GitOps principles.
September 14, 2023
Check Point® Software Technologies Ltd. announced that it has been recognized on Newsweek’s inaugural list of the World’s Most Trustworthy Companies 2023.
September 14, 2023
CloudBees announced significant performance and scalability breakthroughs for Jenkins® with new updates to its CloudBees Continuous Integration (CI) software.
September 14, 2023
JFrog unveiled new capabilities that set the standard for quality, security, MLOps and integrity of software releases.
September 14, 2023
Enea launched the Enea Qosmos Threat Detection SDK.
September 13, 2023
Check Point® Software Technologies Ltd. announced the completion of its acquisition of Perimeter 81, a pioneering Security Service Edge (SSE) company, with a team of over 200 employees that serves more than 3,000 customers worldwide.
