Web apps? It's mobile apps biz bosses should worry about – HPE
It’s all about the old days, not the 0-days, folks
Mobile application security is beginning to eclipse that of web apps as a significant risk to enterprises, according to a new study by Hewlett Packard Enterprise.
Approximately 75 per cent of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35 per cent of non-mobile applications.
Vulnerabilities due to API abuse are much more common in mobile applications than web applications, while those due to error handling – the anticipation, detection, and resolution of errors – are more often found in web applications, HPE reports. The tech giant’s figures come via software from its HPE Security Fortify on Demand service.
Mobile applications’ frequent use of personally identifiable information creates an additional security concern.
The latest edition of HPE’s cyber-risk report (PDF) observes more generally that software vulnerability exploitation continued to be a primary vector for attack in 2015, with mobile exploits gaining traction.
The top 10 vulnerabilities exploited in 2015 were more than one year old, with 68 per cent being three years old or more. Throughout last year, Microsoft Windows represented the most targeted operating system platform, with 42 per cent of the top 20 discovered exploits directed at Microsoft platforms and applications.
Nearly a third (29 per cent) of all successful exploits in 2015 continued to use a 2010 Stuxnet infection vector that has been patched twice. ®