Bad news if you’re one of the hundreds of millions of online banking users around the world. The chances are your bank’s website and web apps are horribly insecure. Researchers at security firm Positive Technologies, which has a commercial stake in securing web apps, tested 33 websites and services using its proprietary application inspector, and found that banking and financial institutions were “the most vulnerable” to getting hacked.
Every financial site and web app the researchers tested contained a high-severity vulnerability, they said in their report. They found XML external entity flaws and arbitrary file reading and modification flaws in about half of all the banking and financial sites they tested. In a worst case scenario, an attacker can remotely run code to compromise a vulnerable server — possibly leading to serious consequences for customers who expect their banks to keep their money safe.
Read more about the findings of the report by Positive Technologies on ZDNet.