Why the state of application security is not so healthy
Web applications are often a common portal for breaches, so why aren't they being better protected?
Application security is an alarming and persistent problem: Nearly one-third of all breaches can be attributed to attacks against web applications, and both web application and database attacks account for most records breached every year. That's according to the Verizon 2013 Data Breach Investigations Report, which looked at 47,000 reported security incidents and 621 confirmed data breaches during the year prior to the report.
Web applications – because they are so easy to exploit and provide access into enterprise data – have long been top targets of attackers. That's why it's so surprising, or at least disappointing, that so many organizations pay application security such little attention.