19 August 2017
visit www.avoka.com

Finance apps riddled with security holes - Veracode

23 September 2010  |  6966 views  |  0 safelock

More than half of software applications developed by banks, third party suppliers and cloud service providers contain security weaknesses that would leave them vulnerable to attack by hackers, according to research by software analytics firm Veracode.

Veracode - which provides a code-screening service - analysed more than 2900 applications submitted for testing over its cloud-based platform during the past six months.

"Findings show that overall quality of applications remains poor," says the company in its 'State of software security report' "with 57 percent failing to meet acceptable levels of security".

Third-party code - which can comprise up to 70% of internally-developed applications - was found to be riddled with security holes, with suppliers failing to achieve acceptable security standards 81% of the time.

Cloud-based services fared no better, with eight out of ten Web applications deemed substandard.

Overall, 56% of finance-related applications failed upon first submission to Veracode's testing service.

"Analysis shows that software quality of applications from banking, insurance and financial services industries is not commensurate with the security requirements expected for business critical applications," states the report.

Cross-site scripting remains prevalent, accounting for 51% of all vulnerabilities uncovered in the testing process; .NET applications exhibited abnormally high cross-site scripting vulnerabilities. Additionally, "potential backdoors" broke into the top 10 most common vulnerabilities.

Veracode clients in the financial services sector include Barclays, the DTCC, California Public Employees' Retirement System, Computershare and Experian among others.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Security firm bids to map mobile app security flaws

Security firm bids to map mobile app security flaws

30 July 2010  |  6431 views  |  0 comments
Researcher shows off ATM 'jackpot' hacks

Researcher shows off ATM 'jackpot' hacks

29 July 2010  |  12516 views  |  0 comments
Citi admits iPhone app security flaw

Citi admits iPhone app security flaw

27 July 2010  |  10703 views  |  0 comments
Banks must wake up to mobile virus threat - Ovum

Banks must wake up to mobile virus threat - Ovum

06 July 2010  |  13720 views  |  0 comments
Square roll-out delayed over security concerns

Square roll-out delayed over security concerns

21 June 2010  |  13933 views  |  1 comments
Banks increase information security budgets as threats evolve

Banks increase information security budgets as threats evolve

09 June 2010  |  12031 views  |  0 comments
Guardian Analytics raises $9 million as cybercrime rates soar

Guardian Analytics raises $9 million as cybercrime rates soar

24 May 2010  |  8024 views  |  3 comments
IBM distributes malware-laden USBs at big Aus security conference

IBM distributes malware-laden USBs at big Aus security conference

21 May 2010  |  10731 views  |  0 comments
SEC fines broker-dealer $100,000 over computer security failures

SEC fines broker-dealer $100,000 over computer security failures

20 October 2009  |  7786 views  |  0 comments
Sophisticated cybercrooks cracking bank security efforts

Sophisticated cybercrooks cracking bank security efforts

30 September 2009  |  12982 views  |  0 comments
Court allows suit against bank for poor online security

Court allows suit against bank for poor online security

08 September 2009  |  12624 views  |  1 comments
Which? criticises online banking security

Which? criticises online banking security

27 August 2009  |  10628 views  |  2 comments
RSA tries to silence blogger who exposed security flaw

RSA tries to silence blogger who exposed security flaw

14 August 2009  |  7998 views  |  1 comments
Banks sceptical on cloud computing - survey

Banks sceptical on cloud computing - survey

21 July 2009  |  8834 views  |  0 comments
Personal finance start-up Rudder suffers security lapse

Personal finance start-up Rudder suffers security lapse

21 May 2009  |  6457 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
visit www.worldpaymentsreport.comvisit www.niceactimize.comvisit www.dorsum.eu

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
8156 views comments | 22 tweets | 23 linkedin
Norwegian banks and startups form fintech clusterNorwegian banks and startups form fintech...
7460 views comments | 19 tweets | 23 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
6404 views comments | 10 tweets | 7 linkedin
hands typing furiouslyWhy Blockchain Might Not Be The Future For...
6155 views 1 | 5 tweets | 3 linkedin
Apple sidelined as Beijing transit system launches payments appApple sidelined as Beijing transit system...
6004 views comments | 11 tweets | 9 linkedin