22 July 2018
Visit www.gemalto.com

Finance apps riddled with security holes - Veracode

23 September 2010  |  7125 views  |  0 safelock

More than half of software applications developed by banks, third party suppliers and cloud service providers contain security weaknesses that would leave them vulnerable to attack by hackers, according to research by software analytics firm Veracode.

Veracode - which provides a code-screening service - analysed more than 2900 applications submitted for testing over its cloud-based platform during the past six months.

"Findings show that overall quality of applications remains poor," says the company in its 'State of software security report' "with 57 percent failing to meet acceptable levels of security".

Third-party code - which can comprise up to 70% of internally-developed applications - was found to be riddled with security holes, with suppliers failing to achieve acceptable security standards 81% of the time.

Cloud-based services fared no better, with eight out of ten Web applications deemed substandard.

Overall, 56% of finance-related applications failed upon first submission to Veracode's testing service.

"Analysis shows that software quality of applications from banking, insurance and financial services industries is not commensurate with the security requirements expected for business critical applications," states the report.

Cross-site scripting remains prevalent, accounting for 51% of all vulnerabilities uncovered in the testing process; .NET applications exhibited abnormally high cross-site scripting vulnerabilities. Additionally, "potential backdoors" broke into the top 10 most common vulnerabilities.

Veracode clients in the financial services sector include Barclays, the DTCC, California Public Employees' Retirement System, Computershare and Experian among others.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Security firm bids to map mobile app security flaws

Security firm bids to map mobile app security flaws

30 July 2010  |  6548 views  |  0 comments
Researcher shows off ATM 'jackpot' hacks

Researcher shows off ATM 'jackpot' hacks

29 July 2010  |  13013 views  |  0 comments
Citi admits iPhone app security flaw

Citi admits iPhone app security flaw

27 July 2010  |  10961 views  |  0 comments
Banks must wake up to mobile virus threat - Ovum

Banks must wake up to mobile virus threat - Ovum

06 July 2010  |  13927 views  |  0 comments
Square roll-out delayed over security concerns

Square roll-out delayed over security concerns

21 June 2010  |  14247 views  |  1 comments
Banks increase information security budgets as threats evolve

Banks increase information security budgets as threats evolve

09 June 2010  |  12203 views  |  0 comments
Guardian Analytics raises $9 million as cybercrime rates soar

Guardian Analytics raises $9 million as cybercrime rates soar

24 May 2010  |  8204 views  |  3 comments
IBM distributes malware-laden USBs at big Aus security conference

IBM distributes malware-laden USBs at big Aus security conference

21 May 2010  |  10910 views  |  0 comments
SEC fines broker-dealer $100,000 over computer security failures

SEC fines broker-dealer $100,000 over computer security failures

20 October 2009  |  7974 views  |  0 comments
Sophisticated cybercrooks cracking bank security efforts

Sophisticated cybercrooks cracking bank security efforts

30 September 2009  |  13837 views  |  0 comments
Court allows suit against bank for poor online security

Court allows suit against bank for poor online security

08 September 2009  |  12910 views  |  1 comments
Which? criticises online banking security

Which? criticises online banking security

27 August 2009  |  10855 views  |  2 comments
RSA tries to silence blogger who exposed security flaw

RSA tries to silence blogger who exposed security flaw

14 August 2009  |  8159 views  |  1 comments
Banks sceptical on cloud computing - survey

Banks sceptical on cloud computing - survey

21 July 2009  |  9002 views  |  0 comments
Personal finance start-up Rudder suffers security lapse

Personal finance start-up Rudder suffers security lapse

21 May 2009  |  6630 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Visit https://secure.vasco.comVisit info.nice.comVisit http://go.jumio.com/finextraAd

Who is commenting?

Top topics

Most viewed Most shared
Calmejane quits Lloyds Bank to join SocGenCalmejane quits Lloyds Bank to join SocGen
13564 views comments | 6 tweets | 8 linkedin
Hong Kong plans September go-live for blockchain-based trade financeHong Kong plans September go-live for bloc...
11235 views comments | 9 tweets | 17 linkedin
Mastercard enlists Worldpay to push Vocalink's Pay by Bank appMastercard enlists Worldpay to push Vocali...
10108 views 19 comments | 15 tweets | 30 linkedin
IBM to test dollar-pegged 'stablecoin'IBM to test dollar-pegged 'stablecoin'
7440 views comments | 4 tweets | 14 linkedin
Bringing about new systems and faster payments globallyBringing about new systems and faster paym...
7256 views comments | 2 tweets | 7 linkedin

Featured job

Competitive base, double ote, benefits
New York City, NY USA

Find your next job