Published on Feb 8, 2023
The report also breaks down the most common flaw types found by each kind of scan on the platform. In static analysis, carriage return line feed (CRLF) injection (unsanitized input containing \r\n reaching an HTTP header or log line) was found in 64.8% of applications, followed by cryptographic issues (59.8%) and information leakage (59.3%). In dynamic analysis scans, server configuration flaws were the most common finding, present in 96.5% of applications scanned.
Across the applications analyzed, codebases grew by roughly 40% per year regardless of their initial size, and flaw introduction tended to track that growth, with some exceptions.
The baseline finding is a 27% chance that a given application will introduce and have discovered one or more new flaws in any given month. Several other findings in the report adjust that probability upward or downward. Organizations that scanned their applications via APIs saw a 2% reduction; the report's authors view API scanning as a sign of a more mature program in which other controls, such as access control to the pipeline, are likely also in place.
Developers completing security training programs reduced the probability of new flaws by 1.8%. In contrast, applications carrying higher security debt, measured as flaw density per megabyte of code, were 2.2% more likely to introduce new flaws.
The report closes with recommendations for shortening the remediation curve and starting it as early in the lifecycle as possible: prioritize automation, provide developer security training, and establish application lifecycle management. The primary objective of application lifecycle management is to make clear who owns each application, what purpose it serves, and when it should be retired.