27 February 2017

Mobile banking apps riddled with security holes due to poor code quality - Cast

28 August 2014  |  Source: Cast

CAST, a leader in software analysis and measurement, today revealed new findings from its ongoing research on application software health that confirms the growing number of data breaches and security incidents can be directly linked to poor code quality.

The data reveals that finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations. This is particularly concerning, considering the amount of personal and financial customer data often held in applications across these industries.

CAST EVP Lev Lesokhin, who led the security analysis, said, "So long as IT organizations sacrifice software quality and security for the sake of meeting unrealistic schedules, we can expect to see more high-profile attacks leading to the exposure and exploitation of sensitive customer data. Businesses handling customer financial information have a responsibility to improve software quality and reduce the operational risk of their applications -- not only to protect their businesses, but ultimately their customers."

Input validation has received a great deal of attention this year thanks to the Heartbleed bug, which exposed over 60 percent of the internet's servers to intrusion because of improper input validation: a missing bounds check in the implementation of the TLS heartbeat extension. As of June 21, 2014, an estimated 309,197 public web servers still remained vulnerable. In addition, a recent report revealed that input validation flaws were exploited in 80 percent of attacks against applications last year in the retail industry alone -- with perhaps the largest casualty being the record-breaking eBay data breach, which resulted in hackers gaining access to over 145 million user records and triggered a federal investigation.
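The "missing bounds check" the paragraph refers to is a length field supplied by the peer being trusted instead of being compared against the number of bytes that actually arrived. The following is an added illustration of the hardened pattern, not code from CAST, OpenSSL or this article: it models a simplified heartbeat message (type byte, two-byte big-endian payload length, payload, at least 16 bytes of padding, following the layout in RFC 6520), validates the claimed length against the real record length before any copy, and builds a bounded response. The function names, the `hb_status` values and the two sample records are constructed for this example; the shape of the length check is modelled on the structure of the public fix, which is an assumption about intent, not a claim to reproduce that code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified heartbeat layout (after RFC 6520):
 *   byte 0      message type (1 = request, 2 = response)
 *   bytes 1..2  payload_length, big-endian
 *   N bytes     payload
 *   >= 16 bytes padding
 * rec_len is how many bytes were actually received for this record; it is
 * the only trustworthy length, the payload_length field comes from the peer. */
#define HB_HEADER_LEN 3
#define HB_MIN_PADDING 16

enum hb_status { HB_OK = 0, HB_TOO_SHORT = 1, HB_LENGTH_MISMATCH = 2 };

/* Validate a received record. On HB_OK, *payload_len_out holds the validated
 * payload length. The comparison against rec_len is the bounds check whose
 * absence turns a later memcpy into an over-read of adjacent memory. */
enum hb_status hb_validate(const uint8_t *rec, size_t rec_len, size_t *payload_len_out) {
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TOO_SHORT;                      /* cannot even hold header + padding */

    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];   /* peer-supplied, untrusted */

    /* The check that must not be skipped: header + claimed payload + minimum
       padding has to fit inside the bytes that really arrived. */
    if (HB_HEADER_LEN + payload_len + HB_MIN_PADDING > rec_len)
        return HB_LENGTH_MISMATCH;

    *payload_len_out = payload_len;
    return HB_OK;
}

/* Build a response that echoes only the validated payload into out.
 * Returns bytes written, or 0 if the request failed validation or out is too small. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_len) {
    size_t payload_len = 0;
    if (hb_validate(rec, rec_len, &payload_len) != HB_OK)
        return 0;

    size_t need = HB_HEADER_LEN + payload_len + HB_MIN_PADDING;
    if (out == NULL || need > out_len)
        return 0;                                 /* output buffer is bounded too */

    out[0] = 2;                                   /* response type */
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xFF);
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, payload_len);   /* only validated bytes */
    memset(out + HB_HEADER_LEN + payload_len, 0, HB_MIN_PADDING);    /* zeros here; a real stack uses random padding */
    return need;
}

/* Constructed sample records for demonstration (not captured traffic). */
/* Well-formed: type 1, payload_length 5, "hello", 16 bytes padding = 24 bytes. */
const uint8_t SAMPLE_GOOD[24] = { 1, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',
                                  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
/* Malformed: claims payload_length 0xFFFF but only 19 bytes were received. */
const uint8_t SAMPLE_BAD[19]  = { 1, 0xFF, 0xFF,
                                  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

int main(void) {
    uint8_t out[64];
    size_t n = hb_build_response(SAMPLE_GOOD, sizeof SAMPLE_GOOD, out, sizeof out);
    printf("good record -> response of %zu bytes\n", n);
    n = hb_build_response(SAMPLE_BAD, sizeof SAMPLE_BAD, out, sizeof out);
    printf("bad record  -> response of %zu bytes (rejected)\n", n);
    return 0;
}
```

The point of the example is that `rec_len` (what the transport delivered) and `payload_len` (what the peer claims) are different quantities, and every copy must be bounded by the former. The same pattern applies to any length-prefixed input format: parse the claimed length, compare it to the bytes on hand, and refuse the record before touching memory.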

CAST also found that -- contrary to public perception -- government IT had the highest percentage of applications without any input validation violations (61 percent), while independent software vendors came in dead last (12 percent without violations). Even more surprising, the data showed that the financial services industry has the highest number of input validation violations per application (224) even though their applications, on average, are only half as complex as the largest application scanned.

In its biennial CRASH Report on the global state of quality in business applications, to be released in September, CAST found a significant correlation between application robustness (its ability to avoid failures) and application security. Dr. Bill Curtis, chief scientist at CAST and author of the CRASH Report, said, "Some security experts argue software security is different from software quality and should be treated separately. The CRASH Report data proves this is false. Badly-constructed software won't just cause systems to crash, corrupt data, and make recovery difficult, but also leaves numerous security holes."
