A significant share of Federal cybersecurity leaders are turning to dynamic application security testing (DAST) to speed the secure development of web applications, according to new research from MeriTalk and Invicti, a developer of web application security technologies.
The survey of 160 Federal cybersecurity leaders – split evenly between defense and civilian agencies – reveals the critical nature of application security, with 76 percent rating it as a “critical” part of national security.
Moreover, 86 percent saw a breach originating in a web application in their own organization in the past year. Additionally, 84 percent are more concerned about the security of their agency’s web applications today than they were a year ago.
Agencies are experiencing security challenges regularly, with 62 percent of agencies reporting project deployment delays due to application security concerns, and 51 percent experiencing downtime due to a web application vulnerability.
More than half of respondents said they see false positive results in application security scans, and 45 percent report data loss due to a web application vulnerability.
On top of that, almost three-quarters of those surveyed agreed that their agency is discovering security vulnerabilities faster than it can fix them, and that its current reliance on penetration testing creates a bottleneck in agency software development lifecycles.
Faced with those realities, 80 percent of the Federal cyber professionals agreed their agencies could adequately secure a majority of their software development cycle with an automated, iterative approach. In response, 38 percent of those surveyed have already put DAST to work, and report seeing significant security improvements as a result.
Respondents say barriers to further improvement are distributed among several categories including budget restraints, lack of visibility into web applications, and lack of prioritization from agency leadership.