TechTarget

Poor Web security breaks law

Almost all UK companies with a Web presence could be in breach of the data protection laws, according to security consultant Neil...

Almost all UK companies with a Web presence could be in breach of the data protection laws, according to security consultant Neil Hare-Brown, director of QCC Information Security.

He said that the figure could be as high as 90% because of the lack of security in HTML pages. Hare-Brown cited a statement from analyst firm Gartner that in the future 75% of attacks will be launched via the Web, rather than from inside companies.

Hare-Brown advised firms to run regular penetration tests and look to external security systems to address this weakness. The browser can be a hacking tool when it has a feature that allows users to examine the HTTP scripting for Web pages. He said, "The Web site needs a protective mechanism in place to mitigate risk. It needs to be easily updated because new vulnerabilities appear as new features are added to existing pages."

Ed Barlow, technical director of application layer security specialist KaVaDo, said companies tend to deploy Web pages with scant regard to security.

He warned that cut-and-paste code from hacker sites can allow even low-grade hackers to gain administrator rights on some systems, which could leave firms open to prosecution under the data protection legislation.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close