With emerging technologies, the hackers, viruses and malwares are also increasing which are putting the network security at strong risk. Recently, on behalf of Coverity (the development testing leader), Forrestor Consulting conducted a commissioned study called as "The Software Security Risk Report" to examine the application security. The result of the report was released on 18th September 2012 by Coverity. The report shows that the web application security threats have increased - many companies responding to the study said that they have experienced at least one web application security incident in the last 18 months which resulted in the companies losing their substantial amount of money.
Coverity, incorporated in November 2002, develops static code analysis tools to find the security vulnerabilities in the source code. Its headquarters are located in San Francisco and is funded by Benchmark Capital as well as Foundation Capital. It is preferred by most of the companies that seek to protect their products from software failures. Converity's development testing suite is used to test the source code for software defects which can result in catastrophic failures, security breaches, unexpected behavior of software, and product crashes.
The developers who responded to the survey said that there is a need of expertise to work with the existing security tool. They also said that the lack of integration of security tool with their developing environment makes them suffer a lot. However, according to some of the security practitioners there is a need of integration but there is no need of expertise to use the security tools.
The report surveyed 240 European and North American companies that develop web applications and revealed that the security incidents are constantly increasing and they are expensive too. Among the reporting incidents since last year, 2% of the companies have lost more than $10 million, 8% have lost more than $1 million, while 18% of the companies have incurred a losses of around $500,000.
According to the report, 71% of the suffering companies lacked the security technologies to test their products, while 41% percent of the companies didn't get time to push security into development because of the pressure to launch the product in the market soon.
Considering above facts, there is a need to integrate the security tool with the product development process so that the companies will not suffer from negative financial consequences. The product developers and security practitioners have to find out some effective solutions to deal with the web application security breach.