Poor Web security breaks law

Almost all UK companies with a Web presence could be in breach of the data protection laws, according to security consultant Neil Hare-Brown, director of QCC Information Security.

He said that the figure could be as high as 90% because of the lack of security in HTML pages. Hare-Brown cited a statement from analyst firm Gartner that in the future 75% of attacks will be launched via the Web, rather than from inside companies.

Hare-Brown advised firms to run regular penetration tests and look to external security systems to address this weakness. The browser can be a hacking tool when it has a feature that allows users to examine the HTTP scripting for Web pages. He said, "The Web site needs a protective mechanism in place to mitigate risk. It needs to be easily updated because new vulnerabilities appear as new features are added to existing pages."

Ed Barlow, technical director of application layer security specialist KaVaDo, said companies tend to deploy Web pages with scant regard to security.

He warned that cut-and-paste code from hacker sites can allow even low-grade hackers to gain administrator rights on some systems, which could leave firms open to prosecution under the data protection legislation.
