shut the door on application vulnerabilities: hp cyber risk report

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Shut the door on application vulnerabilities: HP Cyber Risk Report

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

About the Cyber Risk Report

HP has published its Cyber Risk Report annually since 2009. HP Security

Research leverages a number of internal and external sources to develop

the report, including the HP Zero Day Initiative, HP Fortify on Demand

security assessments, HP Fortify Software Security Research,

ReversingLabs and the National Vulnerability Database.

The full methodology is detailed in the report.

Additional information about HP Enterprise Security Products

is available at http://www.hpenterprisesecurity.com

Key findings

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

56% of the applications tested exhibited weaknesses to revealing information about the application, its implementation or its users.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

74% of apps exhibit unnecessary permissions.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

80% of applications are vulnerable to misconfiguration vulnerabilities.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Hybrid development frameworks for mobile apps don’t address many well-known security issues.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Nearly 80% of applications

reviewed contained vulnerabilities rooted outside their source code.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Even expertly coded software can be dangerously vulnerable if misconfigured.

So should you focus on client-side operations or service-side applications?

So should you focus on client-side operations or service-side applications? Yes.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

To learn more, invest just 4 minutes in watching the Cyber Risk Report preview video, or download the full report for free.

Watch the video

Download the report

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Thank you