A huge amount of financial apps contain security flaws - and this is the best scoring industry

News
By Lewis Maddison
published

Despite widespread issues, the financial services sector has actually seen an improvement

Stock trading
(Image credit: Shutterstock / Bro Crock)

Many apps related to financial services contain security flaws, but it still remains the safest sector in this regard, new research has claimed.

In its latest State of Software Security report, Veracode found nearly three-quarters (72%) of financial services apps have security flaws. However, this is the lowest of all industries analyzed in the report. It is also an improvement on last year's score for the sector.

Contributing to the improved safety of such apps are automation, targeted security training, and API scanning, claims the report, with Chris Eng, Chief Research Officer at Veracode, commenting that the sector has "made a strong showing across the board in this year’s analysis."

Scanning via API and training

He added that, "increasing competition and customer expectations, combined with tighter regulations across the industry, have put greater pressure on developers and security teams to find and fix flaws at scale."

Eng also believes that the explosion in AI tools has contributed to the increased security risk of financial apps too, as it has accelerated development so much that flaws are being proliferated.

While praising the sector for performing better this year than last, Eng also cautions that "there is more to be done" and that "increased automation and secure coding techniques" would further help to eliminate vulnerabilities. 

Scanning via API appears to have benefited financial services apps greatly, more so than apps from other industries. The report claims that by integrating API usage, enterprises have greater control over development, and those apps that scan via API have less flaws that those that don't. 

Interactive security training was also mentioned as a key factor in reducing flaws in financial services apps. When firms completed 10 such training modules, 26% fewer flaws were introduced, which places the industry well above average, according to the report.

In conclusion of the findings, Eng said that, "financial Services organizations benefit significantly from automation through API usage," adding that, "launching scans via API correlates with a lower probability that flaws will be introduced, and then a reduction in the amount of flaws that do find their way into software."

He also said that he was unsurprised that, "training also has a direct correlation with reduced flaw introduction.”

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. 

His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.