68 percent of Web applications have cross-site scripting flaws, according to a study by Veracode. The company analyzed more than 9,900 applications submitted to its cloud-based scanning service over the last 18 months. For the first time, the company also took a look at vulnerabilities in a small set of Android applications. A hard-coded cryptographic key can be extracted from a non-J2EE application by copying the application, the report says. The report found that close to one-third of the Android applications transmitted at least one piece of sensitive information.”]