On Air: Federal Drive with Tom Temin
Trending:
Listen Live
All News

How secure are government’s mobile apps?

Chris Wysopal, the co-founder and chief technology officer of Veracode, joined In Depth with Francis Rose to discuss a recent Veracode report examining the fede...

Federal News Network Staff
December 16, 2011 5:39 pm
< a min read
     

wfedstaff | June 4, 2015 3:10 pm

Download audio

By Jack Moore
Federal News Radio
@jmooreWFED

As federal agencies design ever more innovative mobile applications, security has never been far from top-of-mind.

But despite all the talk, government apps may not be as secure as they should be.

IT security firm Veracode recently released a report, the “State of Software Security,” examining software applications at federal agencies compared to those created and maintained by the private-sector.

        Join WTOP the week of Apr. 22 for an exclusive series bringing together government and industry experts to share initiatives and insights about efforts to transform the nation's energy infrastructure. | Register today!

The report found the government apps fared the worst.

“They had more vulnerabilities and they had more of the high-risk ones that hackers are going after,” said Veracode co-founder and chief technology officer Chris Wysopal, in an interview on In Depth with Francis Rose.

The largest area of vulnerability was in web apps, Wysopal said, which often connect to government websites.

“These kind of applications have lots of private data back there and obviously identity theft is a big deal and you don’t want people manipulating that data,” he explained. “And we found that the the types of vulnerabilities that would let attackers get at the private data were a lot more prevalent in government apps than, let’s say, finance, for instance.”

Agency apps are also less “resilient” to cyber attacks — even common ones — compared to the private sector. For example, government web applications were cited by Veracode as being at much higher risk for XSS and SQL Injection issues.

Wysopal said the culprit is how the apps are constructed, including the programming language and the education of the app developers. “That all goes in to how resilient the app ends up to attackers,” he said.

The government has a need for programmers with a background in secure programming, he added.

“The first thing is to understand how these attacks happen,” he said, “and then it’s to understand how to design the application so that it’s less likely that these attacks happen. And then, how to test these applications to make sure these vulnerabilities aren’t in there.”

        Read more: All News

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

READ MORE
     
    Army, Air Force, Navy, recruitment

    Army, Air Force ‘optimistic’ about recruitment, Navy falls behind

    Defense Read more
    Getty Images/iStockphoto/baramee2554Retirement

    Another column on retirement. This time, I’m joining you

    Federal Report Read more
Related Topics
All News Cybersecurity Mobility Radio Interviews Technology