ITWeb - The Technology News Site
Section editor:
Ranka Jovanovic
Thu, 18 March 2010
[Application Security Survey]

Brought to you by ITWeb, HP Software+Solutions and our business partners.
 

Critical Web applications vulnerable

By Jacob Nthoiwa

A recent application security survey shows most organisations in SA are not able to comprehensively test all of their business-critical Web applications for security vulnerabilities.

The Application Security Survey 2009, conducted by ITWeb and HP Software + Solutions, questioned executives from organisations in SA with between three and 10 000 employees. These executives were mostly in management in the financial services, telecoms, and business services sectors. The survey attempted to probe various aspects of Web application security in local organisations.

Of the respondents, 64% said comprehensive testing of business-critical Web applications for security vulnerabilities is not possible. Only 45% pointed out that their organisations are required to conform to security compliance standards, like payment card industry (PCI) standards.

[Figure: Comprehensive testing possible]

Slightly more than half of the respondents (53%) said their organisations have security experts checking these applications before they go into production. Most respondents revealed their organisations do not do any application penetration security testing in development, quality assurance, or after changes in production. Of these, 61% said the testing is currently being done manually and 39% said automated tools are used when testing these applications.

Some 66% of the respondents noted their organisations have a development and testing environment to progress the application through its life cycle, with 34% saying they do not have such an environment. Some 72% of participants surveyed revealed that these applications are thoroughly tested before being moved into production, although the application might not necessarily be checked by security experts.

The survey also revealed that 53% of respondents say their applications are used internally, while 47% say these applications are used by both internal and external users, or have partners accessing them.

[Figure: Internal or external use]

Furthermore, 80% of respondents said these applications have Web interfaces, while 75% noted they have dedicated client applications that communicate with backend servers.

Mission-critical applications in the organisation are both provided by vendors and developed in-house, according to 39% of the respondents. Some 28% said any application that is critical to the running of the business is developed in-house, while 33% said those applications are supplied by vendors.

Congratulations to Kgotso Twala and Otto Beekman, winners of a Tom Tom GPS each in our lucky prize draw.

Copyright (c) 1996 - 2010 ITWeb Limited. All rights reserved.