Application security is an alarming and persistent problem: Nearly one-third of all breaches can be attributed to attacks against web applications, and both web application and database attacks account for most records breached every year. That’s according to the Verizon 2013 Data Breach Investigations Report, which looked at 47,000 reported security incidents and 621 confirmed data breaches during the year prior to the report.
Web applications – because they are so easy to exploit and provide access into enterprise data – have long been top targets of attackers. That’s why it’s so surprising, or at least disappointing, that so many organizations pay application security such little attention.
For instance, our 2012 Global Information Security Survey, which was conducted by CSO and CIO magazines and PricewaterhouseCoopers and asked 12,052 business and technology executives about their organizations’ security efforts. The survey found that only 35 percent of those questioned actually include application security in their internal security policies.