News

Poor Web security breaks law

Eric Doyle
Almost all UK companies with a Web presence could be in breach of the data protection laws, according to security consultant Neil Hare-Brown, director of QCC Information Security.

He said that the figure could be as high as 90% because of the lack of security in HTML pages. Hare-Brown cited a statement from analyst firm Gartner that in the future 75% of attacks will be launched via the Web, rather than from inside companies.

Hare-Brown advised firms to run regular penetration tests and look to external security systems to address this weakness. The browser can be a hacking tool when it has a feature that allows users to examine the HTTP scripting for Web pages. He said, "The Web site needs a protective mechanism in place to mitigate risk. It needs to be easily updated because new vulnerabilities appear as new features are added to existing pages."

Ed Barlow, technical director of application layer security specialist KaVaDo, said companies tend to deploy Web pages with scant regard to security.

He warned that cut-and-paste code from hacker sites can allow even low-grade hackers to gain administrator rights on some systems, which could leave firms open to prosecution under the data protection legislation.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy