2018 Application Security Research Update

Micro Focus
Published by: Research Desk
Released: Apr 19, 2019

The Software Security Research (SSR) team at Micro Focus Fortify has released their annual report on the state of application security.

Here are a few things you’ll learn in this year’s “Application Security Research Update” report:

  • The Micro Focus analysis of Fortify on Demand data observed an increase of over 3x in the number of unique vulnerability instances in analyzed web applications compared to the previous year’s data. The report’s analysis of Fortify on Demand data also identifies the most commonly occurring vulnerabilities, and the most common critical vulnerabilities, in web and mobile applications.
  • General Data Protection Regulation (GDPR) necessitates a complete rethinking of data handling processes, forcing a privacy-by-design methodology wherever personal data is collected and stored—regardless of the technology used.

A staggering 90% of applications have at least one issue outside of the OWASP Top 10. 49% of tested applications contained a critical or high-severity weakness that is not covered by the OWASP Top 10. While it’s a good idea to focus on the refreshed OWASP Top 10 list of web vulnerabilities, do not stop there.