Cloud computing puts the security testing of applications within the reach of all developers, says application risk management firm Veracode.
The economics and accessibility of the model enable application security for the mass market for the first time, said Matt Moynahan, president and chief executive at Veracode.
This has been lacking, putting security testing of applications out of reach for smaller organisations and individual developers, he told Computer Weekly.
In collaboration with the Open Web Application Security Project (OWASP), Veracode aims to enable developers to see first-hand how easy and cost-effective it is to use an automated, cloud-based binary analysis of applications to check and fix vulnerabilities by giving free access to one of its testing services.
"Anyone will be able to register to upload a single application to the cloud and test for cross-site scripting (XSS) vulnerabilities," said Moynahan.
XSS is a security vulnerability typically found in web applications that enables malicious attackers to inject script into web pages viewed by other users.
"We chose XSS because even after 10 years of knowing about this vulnerability, it is still responsible for the most egregious security breaches," said Moynahan.
The cloud computing model enables application security testing at a price that smaller organisations can afford, but at a scale required by the largest of organisations, such as Barclays Bank, which has developers in 71 countries, he said.
More than half the software commonly used by businesses fails to meet acceptable levels of security, a Veracode study of 2,900 applications revealed in September 2010.
Third-party applications have the lowest security quality and failed to achieve acceptable levels of security 81% of the time, the study found.