More than 27% of applications tested contain a web vulnerability.
NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue in its 2009 Annual Web Application Security Report.
The three most common attack types were SQL injection, cross-site scripting and cross-request forgery. A SQL injection attack lets an attacker alter the database queries an application issues. A cross-site scripting attack lets a hostile website cause potentially malicious script to run in a user's browser. In a cross-request forgery attack, a hostile website causes the user's browser to make arbitrary HTTP requests to applications the user is logged in to.
Roy Hills, technical director at NTA Monitor, said, "All user-supplied data should be properly sanitised before returning it to the browser or storing it in a database."
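The sanitisation Hills describes has two halves: treating user input as a value rather than as query text before it reaches the database, and encoding it before it is returned to the browser. The following is an added example written for this page, not code from NTA Monitor or the report; the in-memory SQLite table and the user names in it are constructed sample data. It places the vulnerable query construction beside its parameterised form and shows the output-encoding step for the browser side.

```python
import html
import sqlite3


def make_sample_db():
    # Constructed sample data: an in-memory table standing in for the
    # application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def lookup_user_unsafe(conn, username):
    # Vulnerable: the input is spliced into the SQL text, so it can change
    # the structure of the query instead of only supplying a value.
    sql = "SELECT name, email FROM users WHERE name = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    # Hardened: a bound parameter is always treated as a value, never as SQL,
    # whatever characters it contains.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (username,)).fetchall()


def render_greeting(name):
    # Hardened: HTML-encode untrusted data before returning it to the browser
    # so any markup in the value is displayed as text, not interpreted.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_sample_db()
    probe = "' OR '1'='1"
    print("unsafe:", lookup_user_unsafe(db, probe))   # every row comes back
    print("safe:  ", lookup_user_safe(db, probe))     # no user has that name
    print(render_greeting("<script>"))
```

The same probe string that returns every row from the concatenated query matches nothing when bound as a parameter, which is the behaviour the report's advice is aiming for; the encoding step covers the "returning it to the browser" half.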
NTA Monitor urged organisations to switch from a persistent authentication method to a transient authentication method to help prevent cross-request forgery attacks.
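A session cookie is persistent authentication in this sense: the browser attaches it to every request, including one a hostile site triggers. A transient method adds proof that the application itself served the page making the request, typically a per-session token that a hostile site cannot read. The example below is added for this page and is not NTA Monitor's code; the in-memory session store, the `handle_transfer` handler and the form field names are hypothetical.

```python
import hmac
import secrets

# Hypothetical server-side session store keyed by session id (in a real
# application this would sit behind the session cookie lookup).
SESSIONS = {}


def new_session():
    # Each session gets its own unpredictable token; it lives only as long
    # as the session does, which is what makes it transient.
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    # The application embeds this in the forms it serves to the user.
    return SESSIONS[sid]["csrf_token"]


def handle_transfer(sid, form):
    # sid plays the role of the session cookie, which the browser sends
    # automatically; form is the submitted request body.
    session = SESSIONS.get(sid)
    if session is None:
        return (401, "no session")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so a mismatch does not leak where it differs.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return (403, "missing or invalid CSRF token")
    return (200, "transferred " + str(form.get("amount", "0")))


if __name__ == "__main__":
    sid = new_session()
    # A request carrying only the cookie (what a hostile site can produce).
    print(handle_transfer(sid, {"amount": "10"}))
    # A request from the application's own form, which carries the token.
    print(handle_transfer(sid, {"amount": "10", "csrf_token": csrf_token_for(sid)}))
```

A request that arrives with the session but without the token is rejected, which is exactly the cross-request forgery case; the user's own form submissions carry the token and succeed.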
Hills also recommended that businesses put in place an account lockout mechanism that locks accounts out permanently or temporarily, to stop brute-force attacks from cracking user accounts.
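The lockout mechanism Hills recommends is a counter of consecutive failed logins per account with a lock that expires after a set period (or never, for a permanent lockout). The example below is added for this page, not code from NTA Monitor; the threshold and duration defaults, the `LockoutPolicy` class and the plain-text credential store used by `attempt_login` are illustrative stand-ins (a real verifier would compare salted password hashes).

```python
import time


class LockoutPolicy:
    """Lock an account after max_failures consecutive failed logins.

    lockout_seconds=None makes the lock permanent (cleared only by an
    administrator); the defaults here are illustrative, not the report's.
    """

    def __init__(self, max_failures=5, lockout_seconds=900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = {}      # username -> consecutive failure count
        self._locked_until = {}  # username -> unix time the lock expires

    def is_locked(self, username, now=None):
        now = time.time() if now is None else now
        until = self._locked_until.get(username, 0)
        if until > now:
            return True
        if until:
            # Lock has expired: clear it and restart the failure count.
            self._locked_until.pop(username, None)
            self._failures.pop(username, None)
        return False

    def record_failure(self, username, now=None):
        now = time.time() if now is None else now
        if self.is_locked(username, now):
            return True
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= self.max_failures:
            expiry = float("inf") if self.lockout_seconds is None else now + self.lockout_seconds
            self._locked_until[username] = expiry
            return True
        return False

    def record_success(self, username):
        self._failures.pop(username, None)

    def unlock(self, username):
        # Administrative reset, the only way out of a permanent lock.
        self._locked_until.pop(username, None)
        self._failures.pop(username, None)


def attempt_login(policy, store, username, password, now=None):
    # store is a constructed username -> password mapping for the example.
    # The lock is checked first so a correct guess during the lockout window
    # is still refused; that is what blunts a brute-force run.
    if policy.is_locked(username, now):
        return "locked"
    if store.get(username) == password:
        policy.record_success(username)
        return "ok"
    policy.record_failure(username, now)
    return "denied"


if __name__ == "__main__":
    policy = LockoutPolicy(max_failures=3, lockout_seconds=60)
    store = {"alice": "s3cret"}
    t = 1000.0
    for _ in range(3):
        print(attempt_login(policy, store, "alice", "wrong", t))   # denied
    print(attempt_login(policy, store, "alice", "s3cret", t + 1))   # locked
    print(attempt_login(policy, store, "alice", "s3cret", t + 61))  # ok
```

Passing `now` explicitly keeps the policy testable without waiting for real time to pass; in production the default of `time.time()` is used. Whether to reveal "locked" rather than a generic "denied" to the caller is a separate design choice, since the distinct response tells a caller that the account exists.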