Web app security still overlooked

The need for stronger web application security was once again highlighted today by the release of new research that found 90 percent of firms' web sites contain vulnerabilities that could allow external users to disrupt web services or allow unauthorised access.

The Web Application Security Report 2007, by IT security consultancy NTA Monitor, also found that virtually all organisations tested had at least one low-risk issue that could provide attackers with information such as web server software type and make.

The research is the result of a year's work of testing with the firm's customers, according to NTA marketing manager Sarah Turner.

"The implications of these vulnerabilities will vary in criticality depending on the organisations and the type of sites they have," Turner added. "But some of our customers are banks and charities. If you're dealing with bank account details and credit card data [web app] security should be a high priority."

To improve their web application security, the report recommends that firms ensure their web servers are always up to date with patches.

It also advises that organisations make users use their mouse and keyboard when logging in, to mitigate the threat from keyloggers, and implement account lockout mechanisms after a limited number of failed attempts, in order to avoid “brute force” attacks on accounts.

See also:

Bee Ware web app security boosts performance

Bee Ware's i-Boost appliance can improve threat detection, performance and availability of apps  13 Nov 2006

HSBC web security cracked

The bank’s anti-keylogging system is flawed, say researchers  10 Aug 2006

Poor-quality application development threatens four in five firms

Companies need to apply better quality assurance procedures when building business software  27 Apr 2006

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!