

Staff member
Dec 3, 2020
More than three-quarters of applications in the retail and hospitality sector contain at least one vulnerability, with a high percentage of these requiring urgent attention, according to Veracode.

The application security vendor analyzed more than 130,000 applications to compile its latest State of Software Security report.

However, while the 76% of buggy apps in the retail and hospitality sector is about average compared to other verticals, Veracode warned that 26% are high severity — one of the worst rates of any industry.

This matters, as the industry has been delivering a raft of new applications in order to reach customers online during the pandemic, amid social distancing and lockdowns. It’s especially important to hospitality firms, which have been forced to radically reshape their business models to adapt to the new reality.

Yet while web applications can be a life-saver for such businesses, they might also introduce extra cyber-risk. They were involved in 43% of breaches analyzed by Verizon last year and were the number one attack vector for the retail industry, with personal or payment data exploited in about half of all breaches.

That said, retail and hospitality ranked second-best for overall fix rate, according to Veracode. Half of its flaws were remediated in 125 days, which is nearly one month faster than the next-fastest sector.

Veracode claimed that, although retail and hospitality firms did well at addressing common flaw types like information leakage and input validation, developers struggled with encapsulation, SQL injection and credentials management issues.

“Retail and hospitality companies face the dual pressure of being high-value targets for attackers while also requiring software that allows them to be highly responsive to customers and compliant with industry regulations such as PCI,” said Chris Eng, Veracode chief research officer.
“Using API-driven scanning and software composition analysis to scan for flaws in open source components offer the best opportunity for improvement for development teams in the sector.”