Feds Fretting Web App Security Turn to Dynamic Testing – MeriTalk
A large share of federal cybersecurity leaders are turning to dynamic application security testing (DAST) to accelerate the secure development of web applications, according to new research by MeriTalk and Invicti, a developer of web application security technologies.
The survey of 160 federal cybersecurity leaders, split evenly between civilian and defense agencies, reveals the critical nature of application security, with 76% describing it as a “critical” part of national security.
In addition, 86 percent saw a breach originate in a web application in their own organization last year, and 84% are more concerned about the security of their agency’s web applications today than they were a year ago.
Agencies are experiencing security challenges on a regular basis, with 62% of agencies reporting project deployment delays due to application security issues, and 51% experiencing downtime due to a web application vulnerability.
More than half of respondents said they see false positive results in application security scans and 45% report data loss due to a web application vulnerability.
In addition, nearly three-quarters of respondents agreed that their agency is discovering security vulnerabilities faster than it can address them, and that their current reliance on penetration testing has an impact on agency software development life cycles.
Faced with these realities, 80 percent of federal cybersecurity leaders agreed that their agencies could adequately secure most of their software development cycle with an automated, iterative approach. In response, 38 percent of respondents have already put DAST to work and, as a result, have seen significant security improvements.
Respondents say barriers to further improvement fall into several categories, such as budget constraints, lack of visibility into web applications, and lack of prioritization by agency management.
The full MeriTalk and Invicti research report is available for download.