One in three websites fail security test



Cliff Saran

More than 27% of applications tested contain a web vulnerability.

NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue in its 2009 Annual Web Application Security Report.

The three most popular forms of hacking were SQL injection, cross-site scripting and cross-site request forgery. A SQL injection attack enables attackers to modify the database queries initiated from an application. A cross-site scripting attack enables a hostile website to cause potentially malicious code to be executed in a user's browser. In a cross-site request forgery attack, a hostile website can make arbitrary HTTP requests to applications.

Roy Hills, technical director at NTA Monitor, said, "All user-supplied data should be properly sanitised before returning it to the browser or storing it in a database."

NTA Monitor urged organisations to switch from a persistent authentication method to a transient authentication method to help prevent cross-site request forgery attacks.

Hills also recommended that businesses put in place an account lockout mechanism that locks accounts permanently or temporarily, to help prevent brute-force attacks from cracking user accounts.
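The sketch below is an added example, not code from NTA Monitor or its report. It shows one way to build the lockout Hills describes, with a temporary lock after repeated failures and a permanent lock after repeated temporary locks. The class name, method names and thresholds are all assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Per-account lockout: temporary lock first, permanent lock after repeats."""

    def __init__(self, max_failures=5, lock_seconds=900, max_temp_locks=3,
                 clock=time.monotonic):
        self.max_failures = max_failures      # failures that trigger a lock
        self.lock_seconds = lock_seconds      # length of a temporary lock
        self.max_temp_locks = max_temp_locks  # locks before it becomes permanent
        self.clock = clock                    # injectable so tests control time
        self._state = {}                      # account name -> counters

    def _entry(self, account):
        return self._state.setdefault(account, {
            "failures": 0, "locked_until": 0.0, "temp_locks": 0, "permanent": False})

    def status(self, account):
        e = self._entry(account)
        if e["permanent"]:
            return "locked_permanent"
        if self.clock() < e["locked_until"]:
            return "locked_temporary"
        return "open"

    def record_attempt(self, account, password_ok):
        """Call once per login attempt; True means the login may proceed."""
        e = self._entry(account)
        if self.status(account) != "open":
            return False  # a correct password is refused too while locked
        if password_ok:
            e["failures"] = 0
            return True
        e["failures"] += 1
        if e["failures"] >= self.max_failures:
            e["failures"] = 0
            e["temp_locks"] += 1
            if e["temp_locks"] >= self.max_temp_locks:
                e["permanent"] = True  # stays locked until admin_unlock()
            else:
                e["locked_until"] = self.clock() + self.lock_seconds
        return False

    def admin_unlock(self, account):
        """Administrator reset: clears every counter for the account."""
        self._state.pop(account, None)
```

Because the lock is keyed on the account name, anyone who knows a username can lock that user out, so a lockout like this is normally paired with per-source rate limiting.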
