One Article Review

Home - The article:
Source Veracode
Identifier 2103304
Publication date 2020-11-10 09:10:27 (viewed: 2020-12-15 21:05:42)
Title In the Financial Services Industry, 74% of Apps Have Security Flaws
Text Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors, along with the second-lowest prevalence of severe security flaws, and the best security flaw fix rate.

[Figure: Financial services chart, SOSS]

But despite the impressive fix rate, the financial services industry is falling behind when it comes to the time to make those fixes. This is a troubling finding because speed matters in application security. The time it takes for attackers to come up with exploits for newly discovered vulnerabilities is measured in days, sometimes even hours. Letting known vulnerabilities linger unfixed dramatically increases your risk. For instance, it was merely days between disclosure and exploitation of the vulnerability in the Apache Struts framework that led to the Equifax breach.

By looking at the data, the reason for the delay in remediation becomes clearer. In the financial services sector, applications tend to be older than those in other industry sectors, and the organizations are fairly large. Combined with these challenging factors, developers and security professionals in this industry aren't regularly employing best practices that are consistent with DevSecOps and known to improve fix rates, such as scanning for security both frequently and regularly and using more than one testing type.

Nature vs Nurture

What does this mean for the financial services industry? The data suggests that for many financial services firms, developers face a challenging environment, with the adoption of additional DevSecOps practices showing the most opportunity for improvement in addressing security flaws.

And while talking about flaws, it's worth noting that the most common security flaws in the financial services industry are information leakage, code quality, and CRLF injection. Injection flaws are especially important to keep an eye on, since they're the top web application security risk according to the OWASP Top 10. On a positive note, the industry has lower than average cryptography, input validation, Cross-Site Scripting, and credentials management flaws. For more information on software security trends in the financial services industry, check out The State of Software Security Industry Snapshot.
Sent Yes
Tags Vulnerability
Stories Equifax
Notes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.