A significant portion of federal cybersecurity leaders are turning to dynamic application security testing (DAST) to accelerate the secure development of web applications, new research from MeriTalk and Invicti, a developer of security technologies, shows.
The survey of 160 federal cybersecurity officials — split evenly between defense and civilian agencies — reveals the critical nature of application security, with 76% rating it as a “critical” part of national security.
Additionally, 86% have seen a breach originate from a web application in their own organization in the past year, and 84% are more concerned about the security of their agency’s web applications today than they were a year ago.
Agencies experience security issues on a regular basis, with 62% reporting project deployment delays due to application security issues, and 51% reporting service disruptions due to a web application vulnerability.
More than half of respondents report seeing false-positive results in application security scans, and 45% report data loss due to a web application vulnerability.
On top of that, nearly three-quarters of respondents agreed that their agency discovers security vulnerabilities faster than it can fix them, and that its current reliance on penetration testing is creating a bottleneck in the agency’s software development life cycles.
Faced with these realities, 80% of federal cyber professionals agreed that their agencies could adequately secure the majority of their software development lifecycle with an automated, iterative approach. In response, 38% of respondents have already put DAST to work and say they have seen significant security improvements as a result.
Respondents say barriers to further improvement fall into several categories, including budget restrictions, lack of visibility into web applications, and lack of prioritization by agency management.
For the full MeriTalk and Invicti research report, please download it.