Hot off the presses, the Fall 2021 Invicti AppSec Indicator is shedding light on the state of web application security (AppSec), including areas for improvement to speed up software innovation. The report, created in partnership with Wakefield Research, surveyed 600 individuals in security, development, and DevOps across 23 industries, digging into how respondents interface with security processes daily.
The goal of the report was to better understand what’s working well in AppSec, and what we can all do to improve. As the speed of innovation rises and the dependence on web applications increases, understanding these trends and implementing an effective security strategy is more crucial than ever.
AppSec is now a shared responsibility
Cyberattacks aren’t slowing down. In 2020 alone, the FBI’s Internet Crime Complaint Center (IC3) received more than 790,000 complaints with over $4.1 billion in associated reported losses. That’s up 69% from 2019. And we know from Verizon’s annual Data Breach Investigations Report (DBIR) that 40% of attacks come through web applications targeted by threat actors.
Practitioners are feeling that heat. Survey results showed that the vast majority of respondents in development and security felt an increase in stress levels this year, while an alarming number also noted that security processes sometimes cause delays. Without a robust security program embedded into development processes, coverage gaps or inadequate processes can lead to a surplus of headaches.
Pressure results in spotty security and rising debt
With web developers spending a good chunk of their time wrestling with security issues, an additional looming roadblock can overshadow innovation: security debt. It’s no surprise that organizations under constant pressure to innovate are skipping security steps to save time, but in doing so they’re only adding to this debt.
In our results, a notable number of respondents said that their development teams frequently complete projects without all of the necessary security checks. This only compounds existing issues and can make the backlog feel more daunting, especially when organizations lack automated efforts that improve accuracy and enable innovation.
Data shows that by investing in the right automated tools and empowering development and security teams to code more securely with more accurate results, businesses can innovate and change the game without sacrificing the security of their web applications.
Read the full research report here, and browse our infographic for key takeaways.