App developers earn a ‘D’ in security

Whether you build apps in-house or purchase from outside, you’re going to want to see the results of a recent study by Aspect Security. 

More than 1,000 app developers from around the world were tested on their knowledge of threats and vulnerabilities. The results, compiled in the 2014 State of Developer Application Security Knowledge report, aren’t very encouraging.

Overall, the 1,425 participants scored an average grade of 60.77% – a barely passing D grade.

Broken down by category

In some areas, developers scored better than others.

On the good side:

  1. hardening web servers (81%)
  2. cross-site request forgery (80%)
  3. clickjacking attacks (80%), and
  4. preventing injection attacks (78%).

Some areas knowledge wasn’t as strong:

  • protecting sensitive data (20%)
  • threat modeling and architecture review (26%), and
  • web services authentication and authorization (36%).

Those scores aren’t likely to inspire confidence in IT pros.

Training, skills improvement needed

There’s certainly plenty of room for improvement across the board. They scored lower than 80% in 47 out of 53 potential areas of evaluation.

Training and education are key to making sure apps are securely designed and built. If your preferred method is in-house development, you’ll want to be sure your developers are up-to-speed on security essentials. That might require investing in training (or at the very least allowing time for techs to devote to improving skills).

For custom built apps, this can be a trickier road to navigate. Best bet: Make yourself a pest. Grill vendors on the skills and education requirements of the developers who will be building the apps.


Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy