State of Application Security – Banking and Financial Services – H1 2025

Overview:

Cyberattacks against Banking and Financial Services (BFS) applications surged in the first half of 2025, with attackers moving beyond primary portals to exploit customer service pages, UAT environments, and third-party integrations. Fueled by AI-driven tactics, attackers increasingly targeted vulnerabilities and APIs, making BFS one of the most at-risk sectors.

The State of Application Security – BFS H1 2025 report, analyzing 600+ global BFS sites, reveals how attackers are fine-tuning payloads to bypass standard defenses and shifting towards internal-facing assets to disrupt operations and extort organizations.

Key Takeaways:

  • 742M+ attacks recorded across BFS applications
  • 1.2M attacks per BFS site, up 51% compared to H1 2024
  • 77% of all attacks aimed at exploiting vulnerabilities
  • 95% of BFS sites faced bot attacks abusing logins and transactions
  • API attacks grew by 60% compared to last year
  • 518% increase in DDoS attacks on APIs, far outpacing website-focused DDoS
  • DDoS attacks on websites spiked 172% during geopolitical events, underscoring rising extortion risks