Ovum: Developers prioritise site cosmetics over security

Web developers are placing too much emphasis on the appearance of web sites and not enough on security, according to a new report from analyst firm Ovum.

The report cites recent cyber attacks on Sony, security firm RSA, and several financial institutions, making the point that even respected organisations have suffered breaches as a result of this lack of focus.

Andy Kellett, Ovum analyst and author of the report, said that secure code just isn't currently a priority for most enterprises.

"In the past developers have put too much emphasis on web cosmetics, the look and feel, the speed, and the ease of access. Not enough importance has been placed on the requirement to write secure code and deliver a hardened infrastructure."

He added that this has resulted in the majority of the world's top web sites suffering security breaches.

"As a result, during the past three years, up to 70 per cent of the web's top 100 sites have either hosted malicious content, or have contained redirect facilities to illegitimate web sites."

The report recommends real-time analysis and inspection of web pages and their content in order to ensure that users remain safe.

Kellett said that the increasing interactivity of web sites has further increased the risk to businesses and users.

"The use of Web 2.0 services, the requirement for social media access in a business and personal context, and the introduction of an increasing number of new mobile devices mean that the real-time elements of web protection have to deal with the combined requirements of corporate and social use."