
Finance apps riddled with security holes - Veracode

23 September 2010  |  7015 views

More than half of software applications developed by banks, third-party suppliers and cloud service providers contain security weaknesses that would leave them vulnerable to attack by hackers, according to research by software analytics firm Veracode.

Veracode - which provides a code-screening service - analysed more than 2900 applications submitted for testing over its cloud-based platform during the past six months.

"Findings show that overall quality of applications remains poor," says the company in its 'State of software security report', "with 57 percent failing to meet acceptable levels of security."

Third-party code - which can comprise up to 70% of internally-developed applications - was found to be riddled with security holes, with suppliers failing to achieve acceptable security standards 81% of the time.

Cloud-based services fared no better, with eight out of ten Web applications deemed substandard.

Overall, 56% of finance-related applications failed upon first submission to Veracode's testing service.

"Analysis shows that software quality of applications from banking, insurance and financial services industries is not commensurate with the security requirements expected for business critical applications," states the report.

Cross-site scripting remains prevalent, accounting for 51% of all vulnerabilities uncovered in the testing process; .NET applications exhibited abnormally high cross-site scripting vulnerabilities. Additionally, "potential backdoors" broke into the top 10 most common vulnerabilities.

Veracode clients in the financial services sector include Barclays, the DTCC, California Public Employees' Retirement System, Computershare and Experian, among others.
