Web applications open to hack attacks

Only three per cent of web-based applications are secure enough to resist hackers, according to research.

Tests conducted on behalf of application testing specialist Sim Group show that 97 per cent of websites have 'serious security flaws', leaving data and systems open to abuse.

If the situation continues, trust in online services could be damaged, deterring already nervous consumers from buying online.

Businesses must test web-based applications for security flaws with the same stringency they apply to hardware and networks, warned Sim Group managing director Bob Bartlett.

"This figure doesn't surprise me, and it's probably something to do with head-in-the-sand syndrome," he said.

"People that have a website and are putting any volume through it are looking at it and thinking: 'Maybe there's a bit of fraud going on, but not to worry because I'm still making a profit'. People are ignoring the problem."

Tests of 300 web applications were undertaken by web security specialist Sanctum. Of the 97 per cent of serious security flaws identified, almost 40 per cent would allow malicious intruders to gain full control of information.

About 23 per cent of flaws constituted a privacy breach, while 21 per cent would allow electronic shoplifting.

About five per cent of the flaws would allow intruders to modify information, and a further five per cent allowed malicious users to hijack transactions.

Some two per cent of the holes were so serious the websites could have been deleted.

Bartlett said that more use of penetration testing would help to dispel consumer fears.

"The more testing you do, the more trust you have in the thing you are using. You are then communicating that trust to your customer," he added.