Finance apps riddled with security holes - Veracode
23 September 2010
More than half of software applications developed by banks, third-party suppliers and cloud service providers contain security weaknesses that would leave them vulnerable to attack by hackers, according to research by software analytics firm Veracode.
Veracode - which provides a code-screening service - analysed more than 2900 applications submitted for testing over its cloud-based platform during the past six months.
"Findings show that overall quality of applications remains poor," says the company in its 'State of software security report', "with 57 percent failing to meet acceptable levels of security."
Third-party code - which can comprise up to 70% of internally-developed applications - was found to be riddled with security holes, with suppliers failing to achieve acceptable security standards 81% of the time.
Cloud-based services fared no better, with eight out of ten Web applications deemed substandard.
Overall, 56% of finance-related applications failed upon first submission to Veracode's testing service.
"Analysis shows that software quality of applications from banking, insurance and financial services industries is not commensurate with the security requirements expected for business critical applications," states the report.
Cross-site scripting remains prevalent, accounting for 51% of all vulnerabilities uncovered in the testing process; .NET applications exhibited abnormally high cross-site scripting vulnerabilities. Additionally, "potential backdoors" broke into the top 10 most common vulnerabilities.
Veracode clients in the financial services sector include Barclays, the DTCC, California Public Employees' Retirement System, Computershare and Experian among others.