Web application security tests show
that 60% of UK sites are plagued with internet encryption and
cross-site scripting vulnerabilities.
The finding forms part of NTA's Annual Web Application Security
Report 2008, which analysed data gathered from web application
security tests performed for a wide range of industry sectors,
including finance, government, education, IT, law and retail.
In addition, the security tests found that more than three-quarters
(78%) of websites tested contained one or more medium-level risks
that may enable external users to gain unauthorised access or
disrupt service availability.
Roy Hills, technical director at NTA Monitor, said, "Weak SSL
encryption vulnerabilities may cause sessions to be compromised.
All SSL should have strong encryption of at least 128 bits, which
is almost impossible to crack."
Hills said that a number of applications are vulnerable to
cross-site scripting attacks, which enable a hostile web site to
cause potentially malicious code such as JavaScript commands to
misdirect or compromise an end user's browser.
This can enable an attacker to collect sensitive information
such as passwords and card payment details.
The full report is available from NTA by e-mailing:
marketing@nta-monitor.com