 

Date: 2008-04-10 Category: News

UK web applications shown to fail security tests

British enterprises implementing web applications are not adequately dealing with weak encryption or cross-site scripting (XSS) vulnerabilities, according to a new study.

Studying its clients, security testing firm NTA Monitor found that three in five companies have problems with web application security. It also found that one or more medium-level risks were contained in 78 per cent of all websites tested, many of which could enable unauthorised access or network disruption.

The Register reports that Roy Hills, technical director at NTA Monitor, described web applications as the weakest point on most companies' networks.

"Web applications are commonly the most vulnerable part of an organisation's network, as they necessarily allow internet users to input and access data," he explained.

"Content and design is frequently altered in order to keep up with demand for new features and functionality, but even simple changes could produce a new vulnerability that may threaten confidential information."

NTA recommends that organisations apply patches to all internet-facing web servers and use strong encryption (128-bit SSL) for all sensitive details to minimise the risk.

It warned that weak SSL encryption could cause sessions to become compromised while XSS could allow hackers to bypass access controls and gain access to the local network.


© Adfero Ltd