The Need for Online Banking Security


Posted January 31, 2018 by zaidinbutt

Security risks are rising as online banking activity increases. Kaspersky Lab has reported 1,966,324 malware attacks on online bank accounts, 798,113,087 cyber-attacks from online sources worldwide, 2% of computer users affected at least once a year, and 24% of attacks originating from the US. With the rising trend of "banking-on-the-go", mobile apps also come under threat: 14% of cyber-attacks on banking were carried out on the Android mobile platform.

Cause behind the vulnerabilities:

Sijmen Ruwhof, an ethical hacker and security expert, examined Danske Bank's website and found that the JavaScript comments on the customer login screen contained sensitive information. Although the data was URL-encoded and had to be decoded, he could immediately read server-side variables (HTTP_CONNECTION, HTTP_ACCESS) that should never be exposed to the client.

The customers' IP address was visible through HTTP_CLIENTIP, and the HTTP_COOKIE and HTTP_USER_AGENT variables were also fully exposed.

HTTP Basic Authentication was not in use, as the AUTH_USER and AUTH_PASSWORD variables were null, and HTTPS had not been implemented for the bank's internal network. A similar scenario was found in various web and mobile banking and financial applications.
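The kind of check a static-analysis pass would run over the login page described above, as an added example that is not Ruwhof's tooling or any vendor product: it extracts JavaScript comments (skipping string literals so a URL's `//` is not mistaken for a comment), looks for dumped server variables such as HTTP_COOKIE or AUTH_PASSWORD, URL-decodes their values, and reports whether empty AUTH_* variables indicate that HTTP Basic Authentication is not in use. The sample page and all its values are constructed.

```python
import re
from urllib.parse import unquote

# Server variables the Danske Bank write-up says were readable in comments.
SENSITIVE_VARS = {"HTTP_CONNECTION", "HTTP_ACCESS", "HTTP_CLIENTIP", "HTTP_COOKIE",
                  "HTTP_USER_AGENT", "AUTH_USER", "AUTH_PASSWORD"}
# String literals are matched too, so a "//" inside a string is not taken as a comment.
_TOKEN_RE = re.compile(
    r'(?P<block>/\*.*?\*/)|(?P<line>//[^\n]*)'
    r'|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|`(?:\\.|[^`\\])*`', re.DOTALL)
# NAME=value pairs as they appear in a dumped server environment.
_VAR_RE = re.compile(r"\b(HTTP_[A-Z_]+|AUTH_[A-Z_]+)=(\S*)")

def find_leaked_server_vars(source):
    """Return [{'line', 'name', 'value', 'sensitive'}] for server variables in JS comments."""
    findings = []
    for tok in _TOKEN_RE.finditer(source):
        comment = tok.group("block") or tok.group("line")
        if comment is None:
            continue  # a string literal, not a comment
        for var in _VAR_RE.finditer(comment):
            name, raw_value = var.group(1), var.group(2)
            findings.append({
                "line": source.count("\n", 0, tok.start() + var.start()) + 1,
                "name": name,
                "value": unquote(raw_value),  # values were URL-encoded in the original finding
                "sensitive": name in SENSITIVE_VARS,
            })
    return findings

def basic_auth_in_use(findings):
    """False when AUTH_USER/AUTH_PASSWORD appear but are empty (no HTTP Basic Auth)."""
    auth = {f["name"]: f["value"] for f in findings if f["name"].startswith("AUTH_")}
    return bool(auth.get("AUTH_USER")) and bool(auth.get("AUTH_PASSWORD"))

# Constructed sample login page (hypothetical values, not from the real site).
SAMPLE_LOGIN_PAGE = """<script>
// debug: HTTP_CLIENTIP=203.0.113.7 HTTP_COOKIE=session%3Dabc123%3B%20lang%3Den
var endpoint = "http://bank.example/login"; // a URL inside a string is not a comment
/* server env dump
   HTTP_USER_AGENT=Mozilla%2F5.0
   AUTH_USER= AUTH_PASSWORD=
*/
</script>"""

if __name__ == "__main__":
    found = find_leaked_server_vars(SAMPLE_LOGIN_PAGE)
    print(*found, sep="\n")
    print("HTTP Basic Auth in use:", basic_auth_in_use(found))
```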

Secure Development to enhance Online Banking Security:

Web Application Firewalls (WAFs) and anti-malware software are not the ultimate solution, since attackers take advantage of the dynamic nature of applications to reach important information. Penetration testing (pen testing) is the oldest method, but it requires a lot of resources and many cycles for complete coverage, and it is useful only once the application is running. Integrating security into the development process results in more secure applications. Process automation through Static Application Security Testing (SAST) solutions such as Static Code Analysis (SCA), seeded into the developer's environment, detects vulnerabilities in the application layer.

Benefits of security automation to improve the security of online banking:

Automation of secure Software Development Life Cycle (SDLC) enables the creation of a safe protocol where the findings related to security are treated as QA bugs.

Developers become security experts through their involvement as the security solutions are built into the development environment.

Enterprises are adopting Agile, DevOps and CI/CD for real-time outcomes through SCA.

Spotting vulnerabilities and applying remedial measures makes hacking harder. This reduces post-release maintenance costs, giving a better ROI.

The SCA solutions provide a great platform for complex development environments with support for
Issued By zaidinbutt
Website Static Code Analysis
Country Israel
Categories Security
Tags software development life cycle , static application security testing , static code analysis
Last Updated January 31, 2018