• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A large number of retail apps are hiding serious security flaws

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
49,808
26
pchelpforum.net
A concerning number of apps in the retail and hospitality sectors have at least one security flaw, according to new research from security firm Veracode.

Analysing over 130,000 applications, Veracode found that 76% in the retail and hospitality sectors had at least one security flaw, which was a similar figure to that found in other industries, including financial services, technology, and healthcare. More worryingly, 26% of the applications were found to contain high-severity issues, the second-highest proportion out of the six industry sectors analyzed.

Many retail apps tend to be larger and older than in other sectors, which can make them easy targets for security researchers, or cyberattackers, hunting down vulnerabilities. In particular, Veracode found that this sector struggled with encapsulation, SQL injection, and credential management flaws.

Finding a fast fix​


However the report also found that the retail and hospitality sectors came second out of all the industries analyzed for flaw remediation.

Half of the security issues identified were fixed in 125 days, almost a month faster than the next-quickest sector.

“Retail and hospitality companies face the dual pressure of being high-value targets for attackers while also requiring software that allows them to be highly responsive to customers and compliant with industry regulations such as PCI,” said Chris Eng, Chief Research Officer at Veracode.

“Developers in the retail and hospitality sector appear to do a better job than others when dealing with issues related to information leakage and input validation. Using API-driven scanning and software composition analysis to scan for flaws in open source components offer the most opportunity for improvement for development teams in the retail sector.”

With coronavirus restrictions still in place for many countries, ecommerce is thriving, although the hospitality sector continues to struggle. The possibility of cyberattacks is another issue that they must continue to safeguard against, even though customer numbers remain low.


Continue reading...