Web application security tests show that 60% of UK sites are plagued with internet encryption and cross-site scripting vulnerabilities.
The finding forms part of NTA's Annual Web Application Security Report 2008, which analysed data gathered from web application security tests performed for a wide range of industry sectors, including finance, government, education, IT, law and retail.
In addition, the security tests found that more than three-quarters (78%) of websites tested contained one or more medium-level risks that may enable external users to gain unauthorised access or disrupt service availability.
Roy Hills, technical director at NTA Monitor, said, "Weak SSL encryption vulnerabilities may cause sessions to be compromised. All SSL should have strong encryption of at least 128 bits, which is almost impossible to crack."
This can enable an attacker to collect sensitive information such as passwords and card payment details.
The full report is available from NTA by e-mailing: [email protected]