iTnews

Nine in 10 UK business websites 'insecure'

By Robert Jaques
Mar 22 2007 10:55AM

NTA's Annual Web Application Security Report 2007 makes grim reading.

One in nine UK organisations run websites that contain one or more vulnerabilities that could enable external users to gain unauthorised access or disrupt service availability, security experts warned today.

A further 33 per cent of websites contain critical vulnerabilities that are widely known and actively exploited by hackers, according to NTA Monitor's Annual Web Application Security Report 2007.

The report analysed data gathered from web application security tests undertaken on behalf of a variety of organisations during 2006, including financial institutions, legal practices, universities and local government bodies.

Roy Hills, technical director at NTA Monitor, said: "Web applications are accessible 24/7 and control sensitive data such as customer details, credit card numbers and proprietary corporate data.

"An ever increasing number of people are using the internet for personal business such as banking, bill payments and shopping, and as a core part of their working lives in terms of remote working and resource sharing.

"It is high time that organisations took greater steps towards protecting these revenue generating and efficiency enabling systems."

As the number, size and complexity of web applications increase, so does the risk exposure, Hills warned.

The research shows that attackers focusing on web application security problems are actively developing tools and techniques to exploit the flaws.

NTA Monitor has made three key recommendations that organisations can follow to reduce their risk:
  • An account lockout mechanism should be in place to lock out accounts permanently or temporarily, to help prevent attackers from being able to brute force user accounts
  • Meta characters such as single quotes, double quotes and semicolons should be disallowed in order to minimise the threat of SQL injection attacks, which are a high risk vulnerability
  • In order to help protect against keystroke loggers, the mouse and keyboard should both be used during log-in processes. For instance, users should be asked to use drop-down boxes or radio buttons as well as keying in details
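
The first recommendation, sketched as an added example (not taken from NTA Monitor's report or from this article), covers both the temporary and the permanent lockout case. The thresholds, lock duration and the `LockoutPolicy` name are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass

# Assumed policy values; tune them to the application's risk profile.
TEMP_THRESHOLD = 5       # every 5th consecutive failure triggers a timed lock
TEMP_LOCK_SECONDS = 900  # length of the temporary lock (15 minutes)
PERM_THRESHOLD = 15      # failures without a success before a permanent lock


@dataclass
class AccountState:
    failures: int = 0            # failed attempts since the last success
    locked_until: float = 0.0    # epoch seconds; 0 means no timed lock
    permanently_locked: bool = False


class LockoutPolicy:
    """Tracks failed log-ins per account (hypothetical helper class)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so the policy can be tested
        self._accounts = {}

    def is_locked(self, user):
        state = self._accounts.get(user)
        if state is None:
            return False
        return state.permanently_locked or self._clock() < state.locked_until

    def attempt(self, user, password_ok):
        """Record one log-in attempt; returns 'ok', 'denied' or 'locked'."""
        state = self._accounts.setdefault(user, AccountState())
        if self.is_locked(user):
            # Even a correct password is refused while locked, so a locked
            # account cannot be used to confirm a guessed password.
            return "locked"
        if password_ok:
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures >= PERM_THRESHOLD:
            state.permanently_locked = True
            return "locked"
        if state.failures % TEMP_THRESHOLD == 0:
            state.locked_until = self._clock() + TEMP_LOCK_SECONDS
            return "locked"
        return "denied"

    def admin_unlock(self, user):
        """Clear all lockout state after an out-of-band identity check."""
        self._accounts.pop(user, None)
```

The caller verifies the password itself and passes the result in as `password_ok`; the policy only decides whether the attempt is allowed to count.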

Copyright ©v3.co.uk