
One in three websites fail security test

Cliff Saran

More than 27% of applications tested contain a web vulnerability.

NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue in its 2009 Annual Web Application Security Report.

The three most common attack classes were SQL injection, cross-site scripting and cross-site request forgery (CSRF). A SQL injection attack lets an attacker alter the database queries an application issues by supplying input that is concatenated into the query text. A cross-site scripting attack lets a hostile website cause potentially malicious script to run in a user's browser, because user-supplied data is written into a page without being encoded. In a cross-site request forgery attack, a hostile website causes the victim's browser to send arbitrary HTTP requests to an application where the victim is already authenticated.

Roy Hills, technical director at NTA Monitor, said, "All user-supplied data should be properly sanitised before returning it to the browser or storing it in a database."
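To make the SQL injection and cross-site scripting descriptions above concrete, here is an added example (not code from the article or from NTA Monitor) showing a vulnerable lookup and HTML rendering next to their hardened forms. The in-memory database, user records and attack strings are constructed for illustration; the point is that parameterised queries and output encoding, rather than ad hoc filtering, stop both classes.

```python
import html
import sqlite3

# Constructed in-memory database with sample rows (example data, not from the report).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # User input is pasted straight into the SQL text, so the caller controls the query structure.
    query = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Parameterised query: the value travels separately from the SQL and can only ever be data.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting_vulnerable(display_name):
    # Reflects the value into the page unchanged: any markup in it is interpreted by the browser.
    return "<p>Welcome, %s</p>" % display_name


def render_greeting_safe(display_name):
    # html.escape converts & < > " ' to entities, so the value is displayed as text, not executed.
    return "<p>Welcome, %s</p>" % html.escape(display_name, quote=True)


# Constructed malicious inputs of the kind the article describes.
SQLI_INPUT = "x' OR '1'='1"
XSS_INPUT = "<script>alert(1)</script>"


def demo():
    """Run both inputs through the vulnerable and hardened code paths and return the outcomes."""
    conn = make_db()
    return {
        # The injected OR clause makes the WHERE true for every row, so both users leak.
        "vulnerable_rows": len(lookup_vulnerable(conn, SQLI_INPUT)),
        # Treated as a literal username, the same string matches nothing.
        "safe_rows": len(lookup_safe(conn, SQLI_INPUT)),
        "vulnerable_html": render_greeting_vulnerable(XSS_INPUT),
        "safe_html": render_greeting_safe(XSS_INPUT),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Note that the safe versions do not try to strip "bad" characters from the input; they change how the data is handed to the database and the browser, which is what the sanitisation advice below amounts to in practice.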

NTA Monitor urged organisations to switch from a persistent authentication method to a transient authentication method to help prevent cross-site request forgery attacks.
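The recommendation above targets the property CSRF relies on: a session cookie is attached by the browser to every request, including ones a hostile page triggers. One common transient mechanism is a per-session anti-CSRF token that a hostile site cannot read and must be echoed in each state-changing request. The following is an added example (not NTA Monitor's or the article's code) contrasting a cookie-only handler with one that checks such a token; the session store, request dictionaries and the `transfer` operation are constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}


def login(user):
    """Create a session and a transient CSRF token bound to it; return the session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """The token the application embeds in its own forms (a hostile origin cannot read it)."""
    return SESSIONS[sid]["csrf"]


def handle_transfer_cookie_only(cookies, form):
    # Persistent authentication only: any request carrying the session cookie is accepted,
    # so a request forged by another site rides along on the victim's session.
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401, "not logged in"
    return 200, "transferred %s on behalf of %s" % (form.get("amount"), session["user"])


def handle_transfer_with_token(cookies, form):
    # Session cookie plus a transient token that must match the one stored for this session.
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401, "not logged in"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; encode to bytes so non-ASCII input cannot raise a TypeError.
    if not hmac.compare_digest(supplied.encode("utf-8"), session["csrf"].encode("utf-8")):
        return 403, "missing or invalid CSRF token"
    return 200, "transferred %s on behalf of %s" % (form.get("amount"), session["user"])


def demo():
    """Send a forged request and a legitimate one through both handlers; return status codes."""
    sid = login("alice")
    cookies = {"sid": sid}                      # browser attaches this to every request
    forged_form = {"amount": "100"}             # built by a hostile page; it has no token
    legit_form = {"amount": "100", "csrf_token": csrf_token_for(sid)}
    return {
        "cookie_only_forged": handle_transfer_cookie_only(cookies, forged_form)[0],
        "token_forged": handle_transfer_with_token(cookies, forged_form)[0],
        "token_legit": handle_transfer_with_token(cookies, legit_form)[0],
        "token_wrong": handle_transfer_with_token(
            cookies, {"amount": "100", "csrf_token": "guess"})[0],
    }


if __name__ == "__main__":
    print(demo())
```

The cookie-only handler returns 200 for the forged request; the token-checking handler returns 403 for it and for a guessed token, and 200 only when the form carries the token the application itself issued.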

Hills also recommended that businesses put in place an account lockout mechanism that locks accounts permanently or temporarily after repeated failed logins, to help prevent brute-force attacks from cracking user accounts.
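As an added example of the lockout mechanism Hills describes (this is illustrative code, not NTA Monitor's), the class below counts failed logins per account and, after a configurable threshold, refuses further attempts either for a fixed period or permanently. The credential store, thresholds and the `now` clock parameter are constructed for the example; the clock is passed in so the lockout window can be exercised deterministically.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass
class LockoutState:
    failures: int = 0        # consecutive failed attempts
    locked_until: float = 0  # unix time at which a temporary lock expires


class AccountLockout:
    """Tracks failed logins per account and enforces a temporary or permanent lockout."""

    def __init__(self, max_attempts=5, lockout_seconds=900, permanent=False):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.permanent = permanent
        self._state = {}

    def is_locked(self, username, now=None):
        now = time.time() if now is None else now
        st = self._state.get(username)
        if st is None:
            return False
        if self.permanent:
            return st.failures >= self.max_attempts
        return now < st.locked_until

    def record_failure(self, username, now=None):
        """Count a failed attempt; return True if this attempt triggered a lock."""
        now = time.time() if now is None else now
        st = self._state.setdefault(username, LockoutState())
        # A previous temporary lock has expired: start a fresh counting window.
        if not self.permanent and st.locked_until and now >= st.locked_until:
            st.failures = 0
            st.locked_until = 0
        st.failures += 1
        if st.failures >= self.max_attempts:
            if not self.permanent:
                st.locked_until = now + self.lockout_seconds
            return True
        return False

    def record_success(self, username):
        # A successful login on an unlocked account clears the counter.
        self._state.pop(username, None)


# Constructed credential store; a real system stores password hashes, not plaintext.
CREDENTIALS = {"alice": "correct horse battery staple"}


def attempt_login(lockout, username, password, now=None):
    """Return 'locked', 'ok' or 'bad credentials'; the lock check runs before any password check."""
    if lockout.is_locked(username, now):
        return "locked"
    expected = CREDENTIALS.get(username, "")
    if expected and hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8")):
        lockout.record_success(username)
        return "ok"
    lockout.record_failure(username, now)
    return "bad credentials"


def demo():
    """Three wrong guesses lock the account for 60 s, even against the right password."""
    lockout = AccountLockout(max_attempts=3, lockout_seconds=60)
    outcomes = [attempt_login(lockout, "alice", "guess%d" % i, now=0) for i in range(3)]
    outcomes.append(attempt_login(lockout, "alice", CREDENTIALS["alice"], now=30))   # locked
    outcomes.append(attempt_login(lockout, "alice", CREDENTIALS["alice"], now=61))   # ok
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Checking the lock before verifying the password is what removes the brute-force incentive: once locked, even the correct password is refused until the window expires or an administrator intervenes. The permanent mode never clears on its own, so it needs an out-of-band unlock path.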

