In 2025, the global fintech cybersecurity industry was valued at $8.6 billion, driven by the unrelenting tide of cyberattacks targeting financial apps. With data breaches generating an average of $4.88 million in 2024 and cybercrime set to cost $10.5 trillion a year by the end of the year, safeguarding the apps that drive billions of transactions has never been more important. For the ordinary person who uses fintech apps to pay bills, save money, or run a business, trust is based on one thing: that their data is secure. Here enters Srajan Gupta, a Senior Security Engineer at Dave, whose innovative application security work is translating that trust into reality by embedding protection in the code of fintech apps themselves.
At fintech firm Dave, where Srajan has transformed application security, he has changed the way applications are secured. His innovation of pre-built security packages for microservices has transformed how developers build applications so that security is a central pillar, not an afterthought. By standardizing authentication, API protection, and logging, the packages deliver secure app development without inconvenience, thus enabling developers to innovate while protecting millions of end-users. Industry newsletters have taken notice of Srajan’s efforts, and it is being implemented across the entire platform of Dave. Srajan’s efforts are setting a new standard for application security in the fintech industry and beyond.
Addressing Fragmented Security
In the fast-changing world of financial technology, apps are built from microservices, small, modular pieces of code that communicate to build seamless experiences, like sending money or checking account balances. But with this flexibility comes a trap: each microservice must have its security, and when teams address these separately, the results are inconsistent. Before Srajan’s work, Dave’s developers found themselves working with a broad range of security practices. Some teams built strong protective walls; other teams left gaps, like a house with windows, some securely locked and others half open. These inconsistencies created risks of vulnerabilities that could potentially expose user data, with industry reports suggesting that 60% of fintech breaches reported in 2024 involved application weaknesses.
For developers, securing microservices was a challenging process. Writing custom API protection or authentication code took up a lot of time, held back release timelines, and often contained errors. At the same time, security teams were facing problems managing a multitude of logs and configurations, making it difficult for them to rapidly detect threats. “It was like defending a city where all the guards had their own set of rules,” Srajan describes. “We required a common approach that would make security easy and robust.” His vision was unambiguous: to have a system where developers could develop applications with confidence, knowing that security was already in place, and users could be certain that their transactions were well-protected.
Building Strong Protections
Srajan’s solution is a game-changer: pre-assembled security packages that serve as blueprints for secure code. These module toolkits contain everything developers require, from standardized user authentication to protection against API abuse to consistent logging, all packaged into a single, easy-to-use bundle. When plugged into Dave’s continuous integration and delivery (CI/CD) pipelines, these packages make each microservice secure from day one. “Security should be like the frame of a house,” Srajan says. “It is there, holding everything together, so developers can focus on turning the house into a home.”
The packages facilitated development in real terms. For Dave’s fraud detection microservice that handles millions of transactions daily, Srajan’s toolkit imposed stringent access controls, thereby making it possible only for legitimate systems to interact with sensitive data. In the context of the payments system, rate-limiting efficiently thwarted malicious attempts to bombard APIs, resulting in a 35% abuse decline. Overall, the packages’ automated security minimizes the work developers need to do to wrestle with complicated configurations. Through workshops and comprehensive guides, Srajan made it easy for teams to integrate the system, making security an assistant.
The impact wasn’t technical; it was human. Hours were restored to developers to spend on creating features that make apps smart and capable. Security teams could sleep well at night, understanding that threats were easier to spot and stop. And for users, the result was apps they could trust, sending money to a friend or operating a business account, with fewer chances of fraud or breach.
Establishing Fintech Trust
Srajan’s efforts yielded quantifiable victories. More than 20 microservices in Dave had their security packages deployed in six months, reducing vulnerabilities by 40% because developers no longer spent time building security from scratch. Consolidated logging reduced incident response time by 60%, allowing security teams to eliminate threats faster, frequently before users even realized a threat existed. Those defenses shielded billions of dollars’ worth of transactions in 2024 alone and are ongoing to establish user trust in Dave’s platform.
Compliance, an ongoing stress in fintech, also became easier. Security compliances such as PCI-DSS and SOC 2 require stringent controls on user data, and Srajan’s bundles provide them. Automated audits verified that each microservice conformed to industry best practices, making audits less intimidating and demonstrating Dave’s dedication to safeguarding users. “Security isn’t about code, it’s about making people feel confident,” Srajan says. “When apps run securely, users sense it, even if they don’t notice it.”
Apart from Dave’s work, Srajan’s method is changing the fintech security game. His system, showcased in newsletters such as tldrsec.com and resilientcyber.com, has been of particular interest to other companies with the same problem. Engineering executives at a technology conference in 2025 were enamored with his system as “a model for secure app development,” citing savings of millions of dollars in breach costs for organizations. With 80% of fintech businesses set to implement microservices by 2026, according to a recent Gartner report, Srajan’s plug-and-play solution is an immediate solution to a timely need.
Spurring Industry Transformation
Srajan’s impact reaches far beyond one company. His pre-built security packages have brought about a shift in the way the fintech industry thinks about application security; it is not a lone obligation, but a part of application development. At Dave, his work resulted in the creation of a “Security Champions” team, where engineers and developers work together and exchange best practices, thus creating a culture in which security is a shared responsibility. “It’s about empowering teams to build with confidence,” Srajan explains. “When security is easy, it becomes part of the DNA of every app.”
The wider industry is slowly appreciating the importance of cyber threats, which cost $10.5 trillion annually. As a result, businesses are rushing to secure applications without slowing innovation. Srajan’s approach to baking security into development pipelines has been recognized as a best practice in industry circles, hence affecting startups as well as behemoths. For example, his process aligns with what’s seen at companies like Netflix, where security automation enables faster and more secure releases. Since fintech apps will handle 30% of digital payments worldwide by 2025, as estimated by Statista, solutions such as Srajan’s are crucial to sustaining trust.
His packages serve a human need in the ecosystem: alleviating stress for developers and security teams. Removing tedious security drudgery, Srajan’s packages let developers concentrate on delivering value, not patching holes. Security teams, relieved of pursuing flaky logs, can shift their efforts to proactive threat hunting. This change has saved Dave’s teams hours on end, leading to quicker app updates and happier users.
Setting a New Standard
Srajan Gupta’s application security efforts are not just technical solutions; they are a complete vision of a secure online world. His pre-configured security packs have streamlined secure application development, making it simpler, quicker, and more reliable, thereby securing billions of transactions and building trust among users and developers. In a world where every click is dangerous, his work ensures that fintech apps are built on a firm bed of security, well-equipped to face the challenges that a connected world sends their way.
As cyber threats evolve, Srajan’s approach points the way forward. By making security seamless and automatic, he’s not just safeguarding apps; he’s empowering an industry to innovate with confidence. “Good security doesn’t slow you down,” he says. “It sets you free to build something amazing.” In fintech, where trust is currency, that’s a legacy that resonates.