60% of UK websites plagued by encryption and cross-site scripting vulnerabilities

Web application security tests show that 60% of UK sites are plagued with internet encryption and cross-site scripting vulnerabilities.

Web application security tests show that 60% of UK sites are plagued with internet encryption and cross-site scripting vulnerabilities.

The finding forms part of NTA's Annual Web Application Security Report 2008, which analysed data gathered from web application security tests performed for a wide range of industry sectors, including finance, government, education, IT, law and retail.

In addition, the security tests found that more than three-quarters (78%) of websites tested contained one or more medium-level risk that may enable external users to gain unauthorised access or disrupt service availability.

Roy Hills, technical director at NTA Monitor, said, "Weak SSL encryption vulnerabilities may cause sessions to be compromised. All SSL should have strong encryption of at least 128 bits, which is almost impossible to crack."

Hills said that a number of applications are vulnerable to cross-site scripting attacks, which enable a hostile web site to cause potentially malicious code such as JavaScript commands to misdirect or compromise an end user's browser.

This can enable an attacker to collect sensitive information such as passwords and card payment details.

The full report is available from NTA by e-mailing: marketing@nta-monitor.com




Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close