Vulnerable Web Applications Make Web Developers an Easy Target - Even Behind a Firewall
August 03, 2017

Ferruh Mavituna

Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd.

The primary reason is not that their web server software is out of date, however. Instead, it is largely the result of developers running vulnerable web applications on their computers even when those computers sit behind a firewall, thereby jeopardizing the corporation's network and data.

While firewalls are essential for security and for protecting sensitive data, they are not a one-stop fix for vulnerable web applications. Unfortunately, many assume that perimeter measures like firewalls are enough to keep "bad actors" away from a developer's web browser and the applications it talks to.

The survey of US-based software developers, sampled from a broad cross-section of vertical markets, government entities and organization sizes, found:

■ 81 percent of respondents run their software on a web server

■ 89 percent claimed they keep their web server software up to date

■ 52 percent say they run vulnerable/undeveloped web applications on their server

■ 55 percent are running web apps in development on servers directly connected to the internet

■ 32 percent said they harden the web applications in their test environment

These statistics should be no surprise to anyone. Yes, developers are patching their web servers, but they are still running vulnerable web applications, which is what makes them a target.

Fifty-two percent admit that they run vulnerable half-developed web applications on their web server. That’s worrisome, especially since 55 percent claim that these same web applications can be connected directly to the internet.

The survey findings illustrate that enterprises need to secure their digital assets holistically, covering how software is built, tested and released rather than only how it is hosted. Indeed, while much web security and broader IT risk management attention is paid to protecting the web servers themselves, the failure to address vulnerabilities in software development processes and practices poses as much, if not greater, risk.

About the Survey: Propeller Insights conducted the recent survey of web developers for Netsparker from July 5-7, 2017.

Ferruh Mavituna is CEO of Netsparker Ltd.