Application security testing is now mainstream, which is a very good thing. As most organizations know, the majority of cyberattacks are against the application level. That means if your software isn’t secure, your products, your organization, and your customers aren’t secure either.
But building trust into software takes much more than running a few automated tools. All software security testing regimens are not equal. And if you lack a full spectrum of application security testing that covers the entire software development life cycle, you can find yourself in trouble because the great majority of applications still have vulnerabilities.
That’s the message from the 2022 “Software Vulnerability Snapshot,” report by the Black Duck Cybersecurity Research Center. The report, based on nearly 4,400 intrusive tests on more than 2,700 software components or systems, found that 95% of applications had at least one vulnerability or misconfiguration, and 25% of the vulnerabilities found were high or critical risk.
In this episode of AppSec Decoded—the second of two conversations on the report—Chai Bhat, security solutions manager with Black Duck, goes into depth on that and other major takeaways from the report, including
Get insights into the current state of security for web-based apps and systems, including the potential impact of security vulnerabilities on business operations in high-risk sectors.