As for mobile app vulnerabilities, 266 were found last year, compared to 159 in 2011.
Seventy-seven per cent of mobile apps were vulnerable some form of information, HP [NYSE: HPQ] found. Forty-eight per cent could allow an attacker to gain access to some part of the app that wasn’t supposed to be open.
“Over the course of our testing it’s very apparent that when coding mobile applications developers are just not considering the security implications of how they store, transmit or access their data.”
“In a lot of ways its like mobile developers are making the same mistakes they made 10 years ago with Web applications.”
Not only that, IT departments make fundamental mistakes, the report suggests, like someone at a firm that created the following directory: https://www.example.com/passwords.
No authentication was needed to get into the folder, which, obviously, listed passwords.
Other examples of corporate vulnerabilities
Which begs the question – and it has been asked before – has the cyber security war been lost?
“I wouldn’t say the war is lost, but we definitely need to mobilize some troops. It’s just the pace of the world – everybody’s pressured to put applications out there. And you know the old saying: Security is not something you can brush on at the end: You’ve got take it in. It’s still being bolted on at the end way too much.”
You can download the entire report here.