Mobile application security is beginning to eclipse that of web apps as a significant risk to enterprises, according to a new study by Hewlett Packard Enterprise.
Approximately 75 per cent of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35 per cent of non-mobile applications.
Vulnerabilities due to API abuse are much more common in mobile applications than web applications, while vulnerabilities in error handling – the anticipation, detection, and resolution of errors – are more often found in web applications, HPE reports. The tech giant’s figures come via software from its HPE Security Fortify on Demand service.
Mobile applications’ frequent use of personally identifiable information creates an additional security concern.
The latest edition of HPE’s cyber-risk report (PDF) observes more generally that software vulnerability exploitation continued to be a primary vector for attack in 2015, with mobile exploits gaining traction.
The top 10 vulnerabilities exploited in 2015 were more than one year old, with 68 per cent being three years old or more. Throughout last year, Microsoft Windows represented the most targeted operating system platform, with 42 per cent of the top 20 discovered exploits directed at Microsoft platforms and applications.
Nearly a third (29 per cent) of all successful exploits in 2015 continued to use a 2010 Stuxnet infection vector that has been patched twice. ®