Using HP Fortify on Demand, HP tested the security of 2,107 applications published by 601 companies belonging to the Forbes Global 2000. The study found that 97 per cent of the applications tested had access to a private information source – such as address books, social media, and connectivity options – within a device. Of those applications, 86 per cent did not have adequate security to protect them from common exploits.
The other vulnerabilities that the study unearthed were a lack of binary protection, insecure data storage, and a lack of transport security. Among the applications that HP scanned, 75 per cent did not use proper encryption techniques when storing data – meaning that sensitive information such as passwords, personal information, chat logs, and photos was left vulnerable to exploitation by adversaries.
Additionally, 18 per cent of participating applications sent passwords and usernames over HTTP, while another 18 per cent incorrectly implemented SSL/HTTPS.
According to Mike Armistead, VP and GM, Enterprise Security Products, HP Fortify, these vulnerabilities stem from the pressure business managers face to deploy their applications more quickly.
“There’s a premium that people feel they need to place on getting the functionality out into the consumer’s hands as fast as they can. And with this premium placed on speed, I think people are discounting the risk,” said Armistead.
Yet in many cases, a security assessment test is all that is needed to identify and remediate vulnerabilities before releasing or procuring an application. Armistead says this responsibility falls mainly on the shoulders of developers.
“The most obvious thing to do is assess the app before it gets put in some place public,” said Armistead. “I believe that it is the responsibility of the people producing the application to make sure they’re doing the right thing on security.
“We are seeing some really good work from a lot of different industries and enterprises, but there’s still a long way to go. Ultimately, what you have to do is raise the bar for application security and make it tougher on the adversary.”
HP Fortify on Demand for Mobile provides organizations with the tools to assess vulnerabilities in applications, resolve any security flaws prior to deployment, and protect applications from exploits once they’re in circulation.