State of Software Security Report
For the past 5 years, Veracode has examined trends associated with exploitable vulnerabilities in enterprise applications.
Download the Report
This report draws on continuously updated information from Veracode’s cloud-based platform, representing a wide range of:
- • Application types (web, mobile, non-web)
- • Programming languages (Java, C/C++, .NET, PHP, ColdFusion)
- • Security testing methodologies (static binary, dynamic and manual).
WHAT YOU WILL LEARN:
Based on tens of thousands of applications assessed by Veracode's cloud-based platform, this report describes key findings such as:
- • 87% of web applications fail the OWASP Top 10
- • 69% of non-web applications fail the CVE/SANS Top 25
- • Information leakage and encryption issues are among the top vulnerabilities found for mobile apps (Android, iOS, Blackberry)