Survey gauges Web application security spending

Not much data exists on what percentage of security budgets are dedicated to building strong Web apps

A new survey shows that despite the dismal economic conditions, more than a quarter of the companies polled expect to spend more on Web application security this year.

Data on Web application security is scarce, according to the project's founders. The new survey is intended to be conducted quarterly.

Companies often save money through Internet-based sales, but also face risks such as data breaches and a subsequent loss of consumer confidence in their services.

The Security Spending Benchmarks Project comes from the Open Web Application Security Project (OWASP), dedicated to good Web application security practices.

The benchmarking survey is headed by Boaz Gelbord, who is also executive director of information security at Wireless Generation, along with help from Jeremiah Grossman, CTO and founder of White Hat.

Fifty-one companies responded to the survey, answering questions such as how much of their budgets are dedicated to Web application security and how those applications were vetted. More than a quarter of the companies that participated generate more than $1 billion in revenue annually.

The survey doesn't show exactly how much companies spent on Web application security but rather percentages of their budgets dedicated to the area. Other questions gauged how companies feel about the importance of strong Web applications.

The results are mixed, with some responses indicating that companies are more focused on application security. Though more than 25% of companies expected to spend more on Web application security this year, thirty-six percent said spending would remain flat. Others did not respond.

Half of the companies said security is part of their branding strategy, but 61% said that security as a competitive advantage was not a motivation. Forty percent of companies said compliance was the most compelling reason for Web application security spending.

Sixty-one percent said they allow an independent third-party to review applications before deployment, with 17% saying they don't. The rest either didn't know or would do it if requested by a customer.

In a sign of how many companies are still catching up, more than third say they don't use a Web application firewall to ensure against intrusions or detect anomalies.

Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies