File this one under “Worst News of the Day”. According to a report from Cenzic, a staggering 99% of all web-based and mobile apps it tested have security
vulnerabilities that can be exploited by cybercriminals
, and the median number of vulnerabilities per app is thirteen
The included infographic shows the areas of vulnerability that exist, and the report details the type, frequency, and severity of these issues as they pertain to web- and cloud
-based and mobile applications. Cross-scripting is the most common type of vulnerability. For their part, mobile applications are vulnerable to threats from privacy violations, infrastructure, session management, and more.
Cenzic CTO Scott Parcel told Net Security that security at the application layer must be addressed by businesses, as companies apparently are asleep at the wheel in terms of both existing threats and evolving threats. “As the rush to create a multitude of connected mobile apps has led corporations to essentially rip out walls and replace them with unlocked doors, leaving them even less aware of how to secure at scale," said Parcel.
We imagine that providers of cloud and Web-based services will have something to say about this report, but it doesn’t really help us sleep any better at night.