Kong announced the general availability of Kong Gateway Open Source (OSS) 3.7.
Vulnerable Web Applications Make Web Developers an Easy Target - Even Behind a Firewall
August 03, 2017
Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd.
The primary reason is not that their web server software is out of date, however. Instead, it is largely the result of developers running vulnerable web applications on their computers even when they are protected by a firewall, therefore jeopardizing a corporation's network and data.
While firewalls are essential for security and protecting sensitive data, they are not a one-fix solution for vulnerable web applications. Unfortunately, many assume that security measures like firewalls are enough to prevent “bad actors” from getting inside a developer’s web browser.
The survey of US-based software developers, sampled from a broad cross-section of vertical markets, government entities and organization sizes, found:
■ 81 percent of respondents run their software on a web server
■ 89 percent claimed they keep their web server software up to date
■ 52 percent say they run vulnerable/undeveloped web applications on their server
■ 55 percent are running web apps in development on servers directly connected to the internet
■ 32 percent admitted to hardening the web applications on their test environment
These statistics should be no surprise to anyone. Yes, developers are patching their web servers, but they are still running vulnerable web applications, which is what makes them a target.
Fifty-two percent admit that they run vulnerable half-developed web applications on their web server. That’s worrisome, especially since 55 percent claim that these same web applications can be connected directly to the internet.
The survey findings illustrate the reality that enterprises approach securing their digital assets based on a holistic approach focusing on value creation, testing and dissemination processes. Indeed, while much web security and broader IT risk management attention is paid to the protection of the web servers, the failure to address vulnerabilities in software development processes and practices poses as much, if not greater, risks.
About the Survey: Propeller Insights conducted the recent survey of web developers for Netsparker from July 5-7, 2017.
Industry News
May 23, 2024
Azul announced the launch of its PartnerConnect training and certification program to empower channel partners to provide advanced Java advisory and delivery services.
May 22, 2024
Mendix announced a partnership with Snowflake to enable the enterprise to activate and drive maximum value from their data through low-code application development.
May 22, 2024
LaunchDarkly set the stage for “shipping at the speed of now” with the unveiling of new features, empowering engineering teams to streamline releases and accelerate the pace of innovation.
May 22, 2024
Tigera launched new features for Calico Enterprise and Calico Cloud, extending the products' Runtime Threat Defense capabilities.
May 22, 2024
Cirata announced the latest version of Cirata Gerrit MultiSite®.
May 21, 2024
Puppet by Perforce announced a significant enhancement to the capabilities of its commercial offering with the addition of new security, compliance, and continuous integration/continuous delivery (CI/CD) capabilities.
May 21, 2024
Red Hat and Nutanix announced an expanded collaboration to use Red Hat Enterprise Linux as an element of Nutanix Cloud Platform.
May 21, 2024
Nutanix announced Nutanix Kubernetes® Platform (NKP) to simplify management of container-based modern applications using Kubernetes.
May 21, 2024
Octopus Deploy announced their GitHub Copilot Extension that increases efficiency and helps developers stay in the flow.
May 20, 2024
Pegasystems introduced Pega GenAI™ Coach, a generative AI-powered mentor for Pega solutions that proactively advises users to help them achieve optimal outcomes.
May 20, 2024
SmartBear introduces SmartBear HaloAI, trusted AI-driven technology deploying across its entire product portfolio.
May 16, 2024
Pegasystems announced the general availability of Pega Infinity ’24.1™.
May 16, 2024
Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.
May 16, 2024
GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.
