A large number of retail apps are hiding serious security flaws

Retail app
(Image credit: Pexels)

A concerning number of apps in the retail and hospitality sectors have at least one security flaw, according to new research from security firm Veracode.

Analysing over 130,000 applications, Veracode found that 76% in the retail and hospitality sectors had at least one security flaw, which was a similar figure to that found in other industries, including financial services, technology, and healthcare. More worryingly, 26% of the applications were found to contain high-severity issues, the second-highest proportion out of the six industry sectors analyzed.

Many retail apps tend to be larger and older than in other sectors, which can make them easy targets for security researchers, or cyberattackers, hunting down vulnerabilities. In particular, Veracode found that this sector struggled with encapsulation, SQL injection, and credential management flaws.

Finding a fast fix

However the report also found that the retail and hospitality sectors came second out of all the industries analyzed for flaw remediation. 

Half of the security issues identified were fixed in 125 days, almost a month faster than the next-quickest sector.

“Retail and hospitality companies face the dual pressure of being high-value targets for attackers while also requiring software that allows them to be highly responsive to customers and compliant with industry regulations such as PCI,” said Chris Eng, Chief Research Officer at Veracode. 

“Developers in the retail and hospitality sector appear to do a better job than others when dealing with issues related to information leakage and input validation. Using API-driven scanning and software composition analysis to scan for flaws in open source components offer the most opportunity for improvement for development teams in the retail sector.”

With coronavirus restrictions still in place for many countries, ecommerce is thriving, although the hospitality sector continues to struggle. The possibility of cyberattacks is another issue that they must continue to safeguard against, even though customer numbers remain low.

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.