News Vulnerability Management

Security Pros Say Apps Are Vulnerable -- And Constantly Attacked

Survey of RSA attendees says enterprise apps are tested hundreds of times a day

Tim Wilson March 10, 2010

If you worry that your organization's applications are vulnerable to attack, then you're not alone, according to study results released yesterday.

In a survey at the RSA Conference 2010 in San Francisco last week, researchers from security vendor Fortify found that most security pros are stressed about potential attacks on their apps.

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

In fact, 73 percent of respondents thought the applications in their companies had vulnerabilities that hackers could exploit. In fact, most agreed it would be "ignorant" to say they didn't. Twenty-six percent said they either did not know the answer or did not want to disclose the information.

And hackers are seeking to exploit those vulnerabilities, attendees said. Forty-seven percent of respondents said their companies are targeted or attacked more than once a day; many said their organizations are attacked "hundreds of times a day" or "every moment."

Most of the respondents (74 percent) said they place a high priority on software security, and most (63 percent) said they use a combination of tools for that purpose.

Eighty-eight percent of respondents admitted to doing some hacking themselves -- mostly for work purposes, they said.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Dark Reading Discussions

Start the Discussion

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

How Attackers Choose Which Vulnerabilities To Exploit

In the increasingly complex world of information security, it's important for security professionals to be able to understand not only how their organization's systems and data may be compromised but why. In this Dark Reading report we examine why certain vulnerabilities are exploited, by whom and with what. We also provide recommendations for getting out infront of hackers by using some of the same tools and strategies they do.
Assessing Risk and Prioritizing Vulnerability Remediation

Vulnerability remediation is a never-ending process, but, even so, security pros can't plug every hole in every asset and application. The key is to determine which vulnerabilities are most likely to be exploited and the effects such exploits would have on the business. To do this, security pros must know the business and its technology usage and needs intimately, a process that must involve stakeholders across the organization. In this report we recommend the steps that should be taken to determine the risk of vulnerabilities and the lengths to which remediation can and should go.
Finding Vulnerabilities By Attacking Your Own Environment

Vulnerability scans are valuable, but you have to think and act like a hacker if you want to truly understand the ways in which your organization could be compromised. In this report, Dark Reading recommends the tools and methodologies that can be used to test your organization's security.

Other reports from the Vulnerability Management Tech Center:

Related Content

Sponsored by

Mobile Devices Drive Majority of Endpoint Security Concerns

The results of the 2013 State of the Endpoint study tracked endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats. This study reveals that the state of endpoint risk is not improving and one of the top concerns is the proliferation of personally owned mobile devices in the workplace such as smart phones and iPads. Download "Mobile Devices Drive Majority of Endpoint Security Concerns" to review some of the most noteworthy survey findings, address the difficulties in managing the endpoint risk, and review recommendations to make improvements.
IT Pros Guide to Data Protection: Top 5 Tips to Securing Data in the Modern Organization

Ready your organization for more robust data protection measures by first implementing these five steps to improve data security in a business- and cost-effective manner.
Best Practice Guide to Addressing Web 2.0 Risks

With the rise of user-generated content, social networks and readily available information offered by the Web 2.0-enabled workplace, users are more connected to people and ideas than ever before. This new level of connectivity also introduces significant risk. Organizations need to find the proper balance of risk vs. productivity through improved policy, controls and education of users.
Closing the Antivirus Protection Gap: A Comparative Study on Effective Endpoint Protection Strategies

Corporate economic concerns have put increased pressure on already limited IT resources in recent years as the onslaught of malware and sophistication of cyber attacks continues to grow at exponential rates. As a result, 50% of endpoint operating costs are directly attributable to malware,1 yet, corporate IT budgets are still focused on maintaining stand alone antivirus as the keystone in endpoint security. In this paper, we will benchmark the effectiveness of standalone AV and O/S resident patching solution versus newer technologies and a defense-in-depth of approach of layering multiple endpoint security and operational technologies together.
Lumension Guide to Device Control Best Practices

USB flash drives and other removable storage devices continue to proliferate throughout organizations. This could result in the loss or theft of your sensitive corporate and customer data, or in the propagation of malware like Stuxnet. Fortunately, powerful data protection tools are now available to help mitigate these risks, while still enabling flexible and managed use of these productivity devices. Learn about the best practices for deploying device control within your environment. Walk away with the recommended process to successfully prepare, enforce and manage the use of removable devices and media, and to protect your sensitive data.

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Dark Reading May 2013 Digital Supplemental Issue

Back Issues

In This Issue

The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Vulnerability Management

Security Pros Say Apps Are Vulnerable -- And Constantly Attacked

Survey of RSA attendees says enterprise apps are tested hundreds of times a day

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

How Attackers Choose Which Vulnerabilities To Exploit

Assessing Risk and Prioritizing Vulnerability Remediation

Finding Vulnerabilities By Attacking Your Own Environment

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Vulnerability Management

Security Pros Say Apps Are Vulnerable -- And Constantly Attacked

Survey of RSA attendees says enterprise apps are tested hundreds of times a day

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Related Content

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue