Application security testing is now mainstream, which is a very good thing. As most organizations know, the majority of cyberattacks are against the application level. That means if your software isn’t secure, your products, your organization, and your customers aren’t secure either.
But building trust into software takes much more than running a few automated tools. All software security testing regimens are not equal. And if you lack a full spectrum of application security testing that covers the entire software development life cycle, you can find yourself in trouble because the great majority of applications still have vulnerabilities.
That’s the message from the 2022 “Software Vulnerability Snapshot,” report by the Synopsys Cybersecurity Research Center. The report, based on nearly 4,400 intrusive tests on more than 2,700 software components or systems, found that 95% of applications had at least one vulnerability or misconfiguration, and 25% of the vulnerabilities found were high or critical risk.
In this episode of AppSec Decoded—the second of two conversations on the report—Chai Bhat, security solutions manager with the Synopsys Software Integrity Group, goes into depth on that and other major takeaways from the report, including
The latest report highlights persistent vulnerabilities in web and software application security, including information disclosure/leakage, misconfigurations, and insufficient transport layer protection. The report also emphasizes the risks of vulnerable third-party libraries and the importance of software supply chain security.