A huge amount of financial apps contain security flaws - and this is the best scoring industry

News
By published

Despite widespread issues, the financial services sector has actually seen an improvement

Stock trading
(Image credit: Shutterstock / Bro Crock)

Many apps related to financial services contain security flaws, but it still remains the safest sector in this regard, new research has claimed.

In its latest State of Software Security report, Veracode found nearly three-quarters (72%) of financial services apps have security flaws. However, this is the lowest of all industries analyzed in the report. It is also an improvement on last year's score for the sector.

Contributing to the improved safety of such apps are automation, targeted security training, and API scanning, claims the report, with Chris Eng, Chief Research Officer at Veracode, commenting that the sector has "made a strong showing across the board in this year’s analysis."

Scanning via API and training

He added that, "increasing competition and customer expectations, combined with tighter regulations across the industry, have put greater pressure on developers and security teams to find and fix flaws at scale."

Eng also believes that the explosion in AI tools has contributed to the increased security risk of financial apps too, as it has accelerated development so much that flaws are being proliferated.

While praising the sector for performing better this year than last, Eng also cautions that "there is more to be done" and that "increased automation and secure coding techniques" would further help to eliminate vulnerabilities. 

Scanning via API appears to have benefited financial services apps greatly, more so than apps from other industries. The report claims that by integrating API usage, enterprises have greater control over development, and those apps that scan via API have less flaws that those that don't. 

Interactive security training was also mentioned as a key factor in reducing flaws in financial services apps. When firms completed 10 such training modules, 26% fewer flaws were introduced, which places the industry well above average, according to the report.

In conclusion of the findings, Eng said that, "financial Services organizations benefit significantly from automation through API usage," adding that, "launching scans via API correlates with a lower probability that flaws will be introduced, and then a reduction in the amount of flaws that do find their way into software."

He also said that he was unsurprised that, "training also has a direct correlation with reduced flaw introduction.”

MORE FROM TECHRADAR PRO

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
API
Businesses are being plagued by API security risks - with nearly 99% affected
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
App stores are increasingly becoming a major security worry
Holographic representation of cloud computing over open businessman's hand
Businesses are struggling to address vulnerabilities hidden in phantom dependencies
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Cyber-security
Empowering developers with cutting-edge security training
Classroom
Many schools still don’t have basic cybersecurity measures, research reveals
Latest in Security
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Data leak
Top California sperm bank suffers embarrassing leak
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Latest in News
Stability AI 3D Video
Stability AI’s new virtual camera turns any image into a cool 3D video and I’m blown away by how good it is
The Google Wallet app with a mode for kids shown on-screen.
Google Wallet’s new kid-friendly payment system is a win for parents
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
Google Pixel 9a
Google is delaying the Pixel 9a to fix a mystery “component quality issue”
The bottom left corner of an Android phone, showing the Phone, Messages, Google icons and Google Search bar
Google Messages remote delete will soon save you from texting embarrassment – and here's how it works
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years
More about security
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X

A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek

Fake DeepSeek installers are infecting your device with dangerous malware
The Google Wallet app with a mode for kids shown on-screen.

Google Wallet’s new kid-friendly payment system is a win for parents
See more latest
Most Popular
The Google Wallet app with a mode for kids shown on-screen.
Google Wallet’s new kid-friendly payment system is a win for parents
Comino Grando Server
Puget Systems partners with Comino to bring more affordable liquid cooled dual-CPU, 8-GPU systems to the masses
Stability AI 3D Video
Stability AI’s new virtual camera turns any image into a cool 3D video and I’m blown away by how good it is
Elecom 9,000mAh sodium-ion battery
This is the world's first sodium-ion mobile battery, a game changer in environmental sustainability, but it's not cheap
The bottom left corner of an Android phone, showing the Phone, Messages, Google icons and Google Search bar
Google Messages remote delete will soon save you from texting embarrassment – and here's how it works
Data center server room lit with green lights
Microsoft is MIA as Amazon, Meta, Google and others join consortium to triple nuclear energy output by 2050
Thrustmaster Sol-R flight stick
Thrustmaster announces the Sol-R 1 and Sol-R 2 HOSAS flight sticks designed for space sims like Elite Dangerous
Image of AC Shadows cover art & Steam Deck
It's not perfect, but Assassin's Creed Shadows' performance is impressive - it runs smoothly on the Steam Deck and Asus ROG Ally
Google Pixel 9a
Google is delaying the Pixel 9a to fix a mystery “component quality issue”
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months