According to Veracode’s State of Software Security report, 87 percent Android apps and 80 percent of iOS apps have encryption flaws. The report also found a lot of SQL injection problems in Web apps, particularly those written Classic ASP, ColdFusion or PHP.
“For every company that is tackling application security there are a bunch of new startups that are not,” said Chris Wysopal, co-founder, chief technology officer and chief information security officer at Veracode. He added that mobile development firms could fix many of the flaws with a single line of code. “These things are easy to fix, but they are so pervasive it goes to show that the mobile developers are really ignorant about how to write good crypto code,” he added, recommending that enterprises invest in security training for their developers.