This document summarizes the findings of a study on the state of web application security. The study found that while data theft is seen as the biggest threat, organizations are not allocating sufficient resources to secure critical web applications. Specifically:
- 70% of respondents said their organizations do not allocate enough resources for web application security.
- 34% of urgent vulnerabilities are not fixed in a timely manner.
- Proactive organizations spend more than twice as much (25% vs 12%) on web application security and are more likely to use firewalls and cloud-based solutions than reactive organizations.