Veracode Predicts Rise of “Everyday Hacker”

Annual “State of Software Security” reveals 32 percent of web applications remain vulnerable to most common attacks

Three of the Biggest SQL Injection Attacks in 2012 (Graphic: Business Wire)

BURLINGTON, Mass.--()--Veracode, Inc., the leader in cloud-based application security testing, today released its annual State of Software Security Report (SoSS). The report includes the latest research on software vulnerability trends as well as predictions on how these flaws could be exploited if left unaddressed and what this may mean for organizations’ security professionals.

Among the predictions offered by Veracode, the research suggests there will be a rise in “everyday hackers.” A simple Google search for “SQL injection hack” provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities. The ready availability of this information makes it possible for less technically skilled hackers to take advantage of this common flaw. Although SQL injection flaws are easy to identify and fix, Veracode found that 32 percent of web applications are still affected by SQL injection vulnerabilities. As a result, Veracode believes that as many as 30 percent of breaches in 2013 will be from SQL injection attacks.

“Despite significant improvements in awareness of the importance of securing software, we are not seeing the dramatic decreases in exploitable coding flaws that should be expected,” said Chris Eng, vice president of research, Veracode. “For each customer, development team or application that has become more secure, there are an equal number that have not. Veracode’s 2013 State of Software Security Research Report provides organizations with ways to reduce the success of potential attacks on company infrastructure by understanding the threat to the application layer and outlines the implications of these trends if organizations continue on their current paths.”

The research also concluded that the leading cause of security breaches and data loss for organizations is insecure software. The report found that 70 percent of software failed to comply with enterprise security policies on their first submission for security testing. This indicates that though there have been improvements in organizations fixing flaws within their existing applications, the demand for rapid development means new vulnerabilities are constantly being introduced into their software portfolio.

“The amount of risk an organization accepts should be a strategic business decision – not the aftermath of a particular development project,” said Chris Wysopal, co-founder and CTO, Veracode. “The time for organizations to act is now. My hope is that readers will use this research to estimate their current application risk, and then consider how they can act to improve the security posture of their organization by addressing the applications that are currently in development and/or production.”

In addition to conclusions drawn about everyday hackers, Veracode also predicts:

  • Average CISO tenure will continue to decline.
  • A decrease in job satisfaction/higher turn-over for security professionals.
  • Default encryption, not ”opt-in” will become the norm for mobile applications.

Download the Report to learn of more research findings and predictions.

Download Here

About Veracode

Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide representing Global 2000 brands. For more information, visit, follow on Twitter: @Veracode or read the Veracode Blog.


Weber Shandwick For Veracode:
Ellen Moss, 617-520-7138

Release Summary

Veracode, Inc., the leader in cloud-based application security testing, today released its annual State of Software Security Report (SoSS).


Weber Shandwick For Veracode:
Ellen Moss, 617-520-7138