Ixia: Developers must improve security testing and nab those anomalies
Web developers are not catching all security weaknesses before their apps go to market, allowing cyber criminals to exploit the apps, says a new study from Ixia.
The study found that while 93% of developers claim they test applications early and constantly throughout the development process, the sheer number of data breaches occurring on a regular basis indicates that their security testing isn't up to scratch, Ixia says.
In addition, 95% of developers indicated they ran at least five security and load tests during app development; however, only 56% believe security testing is the most important priority.
“Since only 56 per cent of developers agree that security testing is a top priority, it’s not surprising that 65 per cent of developers shipped product that had bugs or significant vulnerabilities, and 31 per cent said the product they shipped had significant vulnerabilities that required patching later in the development cycle,” says Stephen Urquhart, Ixia ANZ general manager.
The most worrying statistics show that 65% of developers admitted to deploying applications that were filled with bugs, and a further 31% admitted that applications with 'significant vulnerabilities' would need to be patched later during development.
“This raises a key question: why are there still so many vulnerabilities in apps that have been tested throughout the development cycle? The likely answer is that they aren’t using the most effective testing solutions. In fact, 39 per cent of developers do not use commercial testing tools for apps and security.
“This means that, even with the best intentions, these developers are unlikely to be able to test sufficiently to eliminate bugs and vulnerabilities. Developers must test across a wide range of conditions to track every single anomaly in a product’s code to capture issues and address them effectively,” Urquhart continues.
The survey gathered opinions from 363 developers about their security testing processes. Ixia recommends that developers use commercial tools in their security testing, choosing a solution that can find bugs, reduce costs and speed up the development process.