How do web application security policies and programs translate into everyday practice? To find out, Netsparker commissioned a global survey of security professionals, covering a variety of roles and industries. The results should be a wake-up call for all security executives who still believe that all their web applications are secure and regularly tested.
The survey found numerous areas where executives take a far more optimistic view of web application security than security professionals closer to the front lines of development and cybersecurity. For example, 75% of executives believe their organization scans all web applications for security vulnerabilities, while nearly half of security staff say this is not the case. Such a rosy view of web security can lead to overconfidence in the face of growing security threats.
Even more concerning is that over 60% of DevOps respondents indicate that new security vulnerabilities are being found faster than they can be fixed. This is a clear warning that current web application security efforts are insufficient, yet only a little over 40% of executives are aware of this situation. As a result, over half of organizations are unlikely to take the necessary steps and make the required investments to remedy the situation.
Nearly two-thirds of respondents named web application security as an important focus for their organization – more than any other area of security, including network and endpoint security. Despite this, the remaining results suggest that there is still a huge gap between the theory and practice of web security. In particular, the workflows that are currently in place leave a lot to be desired in terms of efficiency and collaboration.
Read our full report, "New Vulnerability Found: Executive Overconfidence", to discover more eye-opening results from the Netsparker survey.