Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/3/2014
01:52 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SANS Institute Application Security Survey Finds Sharp Increase In Formal Appsec Programs

Yet an ongoing shortage of skills is severely hampering the implementation of effective app-sec programs

BETHESDA, Md., Feb. 3, 2014 /PRNewswire-USNewswire/ -- SANS Institute today announced that in its recent survey of 488 IT professionals, an ongoing shortage of skills in application security is severely hampering the implementation of effective Appsec programs.

The 2014 Application Security Programs and Practices survey, sponsored by Hewlett-Packard, Qualys and Veracode, queried IT and security professionals about the current and future state of application security in their organizations.

"One thing that stands out this year is the increase in number of organizations with a formal application security program in place. Approximately 83% of respondents (up from 66%) have an Appsec program in place, and more than 37% (up from 33%) have a program that has been operating for more than five years," says SANS Analyst Frank Kim. "This indicates that a lot of progress is being made, but it also highlights that there is much more to do."

In the survey, more than 35% of respondents test the security of their business-critical applications on an ongoing basis, up from 23% in last year's survey. And, encouragingly, only a small percentage (fewer than 3%) of respondents left application security to chance and did not test at all.

The survey found that a lack of qualified staff and lack of skills are seen as the major inhibitors to instituting Appsec programs.

"This year's survey provides valuable and surprising insights into the challenges that organizations face today in implementing a successful Appsec program," says SANS Analyst Jim Bird. "It's not only funding and getting management buy-in--there are other, more fundamental problems, including a shortage of skills, that are preventing people from taking care of security where it makes the most difference, upfront in design and development."

Results and insights surrounding application security will be released during a webcast on Wednesday, February 12, at 1 PM EST. To register for the complimentary webcast please visit: http://www.sans.org/info/150770

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by Jim Bird and Frank Kim.

The SANS Analyst Program, www.sans.org/reading_room/analysts_program, is part of the SANS Institute.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

(www.SANS.org)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1619
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session ...
CVE-2019-1620
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could ex...
CVE-2019-1621
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker...
CVE-2019-1622
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software...
CVE-2019-10133
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.