Web application security breaches often cause internal strife between security and development teams.
According to a report by Coverity and Forrester, the security department blames the developers team for lacking expertise, while the developers complain that the security staff expect too much from them. The study found that web application security incidents have become increasingly common and expensive, with 51 per cent of the 240 respondents experiencing at least one breach in the last 18 months.
At the same time, the study found that the majority of companies have yet to implement secure development practices, most often citing time-to-market pressures, funding and the lack of appropriate technologies suitable for use during development as their primary roadblocks.
Of the respondents, 71 per cent said that they lack the right security technologies suitable for development, or that security processes cannot scale with the volume of code they produce (79 per cent). Almost threequarters (71 per cent) said that they lack the funding to invest in security.
The study also found that 42 per cent of respondents follow secure coding guidelines, 17 per cent test during the development cycle and more than half do not audit their code before integration testing.
Jennifer Johnson, VP of marketing at Coverity, said: “It's clear that security practitioners and developers aren't speaking the same language when it comes to application security, and this is leading to very costly consequences for companies.
“Application security begins and ends with development. Developers need to be part of the solution but the industry won't solve the problem until security is incorporated into the development process with technologies and processes that developers can understand and adopt. Force-feeding development with legacy tools built for security teams just isn't working.”