A recent report by the Ponemon Institute, Cenzic and Barracuda Networks has produced a startling statistic: eight-eight percent of companies surveyed indicate they spend more on coffee than they do on securing Web applications.
In spite of this staggering revelation, seventy-four percent of the organizations surveyed still ranked Web application security as being equal to or more important than other security priorities.
Clearly, organizations are struggling with Web application security issues.
"While it is encouraging to see that Web application security is on the minds of most organizations, there still seems to be a real disconnect between the desire and implementation of security countermeasures required for Web application security,” said Dr. Paul Judge of Barracuda Networks.
Other findings from the survey include:
- 66 percent test less than 25 percent of these applications for vulnerabilities
- 62 percent cited data protection as impetus for Web app security
- 51 percent cited compliance as the top reason for securing Web apps
- 51 percent listing compliance as a key driver for Web application security
- 41 percent reported having over 100 Web applications or more
"The fact that 69 percent of respondents are relying upon network firewalls to secure Web applications is like relying upon a cardboard shield for protection in a sword fight – eventually your shield will prove that it's insufficient and an attack will reach you that can fly past a network firewall," Judge stated.