SOURCE: Aspect Security, Inc.

September 15, 2014 09:00 ET

Aspect Security Analyzes Gaps in Developers' Application Security Knowledge

2014 State of Developer Application Security Knowledge Report

COLUMBIA, MD--(Marketwired - Sep 15, 2014) - Aspect Security, a pioneer in application security, today announced its findings on developers' knowledge of application security principles. The 2014 State of Developer Application Security Knowledge Report details the top areas of expertise and those critical areas that require strengthening. Data for the study came from results culled from more than 1,400 developers from 695 organizations worldwide who participated in Secure Coder Analytics, a free online assessment tool created by Aspect Security. A 20-question randomized quiz, Secure Coder Analytics arms organizations with an accurate assessment of their development team's knowledge of application security. Participants represented diverse industries including financial services, banking, e-commerce, retail and the federal sector.

According to MITRE Corporation there are over 1,000 software vulnerabilities in existence today. Without the proper training, it is impossible to expect developers to be able to thwart the challenges in today's threat-scape. Aspect Security discovered that:

  • The worldwide aggregate score was a "D" at 60.77%.
  • Collectively, development teams performed well in the areas of: Hardening Web Servers (81%), Cross Site Request Forgery (80%), and Preventing Injection Attacks (78%).
  • Developers garnered aggregate scores of 34%, 26% and 20% for critical security areas such as Access Control Strategy, Threat Modeling and Architecture Review, and Protecting Sensitive Data.

A systemic lack of knowledge of fundamental principles such as Protecting Sensitive Data, Access Control and Secure Session Management places organizations at risk of being exploited and compromised.

"In my 20 years of being an application security practitioner and instructor, I've never met a developer who doesn't want to develop secure code," said Jeff Williams, Co-Founder of Aspect Security and Founding Member of the Open Web Application Security Project (OWASP). "Knowing your weaknesses is the first step towards building code that's capable of defending against the complex and prevalent vulnerabilities and attacks that cause major disruptions to our personal and fiscal well-being."

A complimentary copy of Aspect Security's 2014 State of Developer Application Security Knowledge Report may be accessed at:

"Although technology has transformed to dizzying capabilities in the last thirty years, the way in which developers write code has not fundamentally changed. It's really important to find out what you don't know so that you can get better and produce secure code reliably," said Williams.

Secure Coder Analytics takes approximately 15 minutes to complete and tests knowledge in various application security areas via a multiple-choice assessment. Questions are randomized from an extensive pool of carefully vetted questions. Managers of development teams can set up their own tests and invite developers to participate anonymously. Each participant sees their own grade, while managers get aggregate scores revealing the strengths and weaknesses of the team as a whole. You may sign up for a complimentary Secure Coder Analytics account at:

Aspect Security's eLearning curriculum arms developers with the most current thinking around building security into applications. The web-based series of courses for developers, managers, testers and security architects helps companies resist application security breaches by educating those involved in creating and deploying secure applications. Aspect Security's eLearning curriculum features 57 modules, each of which runs approximately 20 minutes in length. The eLearning solution is in use by developers worldwide at many corporate entities, including giants in the financial, shipping and logistics, and airline industries, and government agencies.

About Aspect Security
Founded in 2002, Aspect Security is a consulting firm focused exclusively on application security, ensuring that the software that drives business is protected against hackers. Aspect Security's engineers analyze, test and validate an average of 5,000,000 lines of critical application code every month. The company unearths more than 10,000 vulnerabilities every year across a wide range of technologies and architectures, and the company's practical recommendations dramatically improve clients' security posture.

Aspect Security has taught over 100,000 developers and architects how to build, test and deploy secure applications with industry-leading application security training courses. Flexible delivery options include instructor-led training either in-person or via webcast, or, on-demand through an innovative eLearning curriculum.

Co-Founder and CTO Jeff Williams is a founding member of the Open Web Application Security Project (OWASP), through which he and his team have made vast industry contributions including: the OWASP Top Ten, Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Risk Rating Methodology and WebGoat.

For more information, please visit

Contact Information

    Caroline Kirby
    Aspect Security
    Office: 301.604.4882