Finance and retail applications most vulnerable to breaches

IT security

Finance and retail applications most vulnerable to breaches

Karl Flinders

Finance and retail applications are the most susceptible to hacking attacks because of data input by customers, according to research.

Research from software testing company CAST revealed that 69% of finance applications and 70% of retail applications have data input validation violations.

130710_cs0278.jpg

This enables hackers to use buffer overflow attacks to run malicious code, which is put into the input field where customers enter their details.

In its Crash report, CAST analysed 705 million lines of code used by 1,316 enterprise applications.

Input validation violations are caused by poor code quality which indirectly causes security vulnerability. 

Lev Lesokhin, vice-president of CAST, said as long as organisations overlook the impact that software quality can have on security, there will be more attacks and breaches of confidential information.

“Businesses handling customer financial information have a responsibility to improve software quality and reduce the operational risk of their applications – not only to protect their businesses, but ultimately their customers,” he said.

The report revealed that government applications comprise the highest percentage of applications without any input validation violations – 61%. It also found that the financial services industry has 224 input validation violations per app.

Bill Curtis, chief scientist at CAST and author of the Crash report, which will be released next month, said some security experts argue that software security is different from software quality and should be treated separately. 

“The Crash report data proves this is false,” he said. “Badly constructed software will not only cause systems to crash, corrupt data and make recovery difficult, it will also leave numerous security holes.”


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy