The news comes via security firm Positive Technologies, which looked at web application security in a recent report. The results are disturbing, to say the least, with every web application tested in 2017 having at least one vulnerability, and with 94 percent having at least one vulnerability that was characterized as “high-severity.”
According to Leigh-Anne Galloway, Positive Technologies’ cybersecurity resilience lead, “Web applications practically have a target painted on their back. A large number of unfixed, exploitable vulnerabilities is a windfall for hackers, who can use these flaws to steal sensitive information or access an internal network. Fortunately, most vulnerabilities can be discovered long before an attack ever happens. The key is to analyze application source code.”
The results were even worse when looking strictly at banking and finance web applications, which made up 46 percent of the test group. Every one of the banking and finance web applications covered in the report suffered from high-severity vulnerabilities. As the organization points out, these applications are also the most attractive to hackers and so their vulnerabilities are of particular concern.
Furthermore, the data shows that 87 percent of banking and government web applications are open to attacks against users, with cross-site scripting vulnerabilities present in 82 percent of the tested web applications. That makes them good targets for phishing attacks that can infect user PCs with malware.
Clearly, the banking industry has work to do to clean up its web applications. As always, the presence of these kinds of vulnerabilities serve as a reminder that we all need to be constantly vigilant in monitoring our financial data, because we never know which online transaction will be the one that opens us up to an attack.