Application Security Scanning Can Save Your Business

Posted on April 9, 2015 by Tim Burke

Web and mobile applications are everywhere, often working 24×7. They handle login pages, shopping carts, webmail, support and product request forms, content management systems, and much more. These apps perform in numerous client-side browser and operating system environments, and can be deployed quickly, just about anywhere, and at little or no cost.

Although they may be developed in-house, many are acquired from third parties. More than 90% of enterprises use third-party offerings in their mobile BYOD efforts, according to Gartner.

App security failure

So maybe we shouldn’t be surprised that, by one account, 75% of cyberattacks are initiated at the web application level and at least 70% of websites face the immediate risk of being hacked.

Given their popularity and importance, web and mobile apps are often rushed through development, so improper coding is inevitable. But the vulnerabilities such mistakes cause allow malicious actors to gain direct access to the databases that web and mobile apps interact with — including sensitive data (passwords, financial details, etc.).

Result: highly sensational application security failures that occurred last year. And this year, Gartner expects, more than 75% of mobile apps will fail basic security tests.

[Figure: Top 5 web application vulnerabilities in 2014 (% of occurrence in apps by type in 2014). Source: HP Security Research Cyber Risk Report 2015]

[Figure: Top 5 mobile app vulnerabilities in 2014 (% of occurrence in apps by type in 2014). Source: HP Security Research Cyber Risk Report 2015]

The key capability: Application security scanning

Of course, such high risk warrants greater commitment to application security testing, something developers have been far too casual about — if it’s done at all. But even rigorous application security testing during and after development is not enough. It’s also critically important to conduct application security scanning once your apps are fielded. This is because inevitable changes to code and configurations can spawn entirely new vulnerabilities. Gartner believes misconfigurations alone will trigger 75% of mobile security breaches by 2017. An app security scan can prevent these and other issues, limiting exposure of your environment to cyberattack and costly malware infections.

App security scan services

You don’t need hard-to-find in-house expertise to handle your app security scan. An application security scan conducted by an experienced security services provider can spot problems and potential threats before they have a chance to damage your business. When a competent services provider conducts your app security scan, you’ll reduce risk of data loss, downtime, and plummeting productivity — and improve your compliance management program.