Majority of UK web sites vulnerable to attack

A third of sites contain critical vulnerabilities

NTA Monitor: 90 per cent of web sites contain security problems

Ninety per cent of UK organisations’ web sites contain one or more vulnerabilities that may enable external users to gain unauthorised system access or disrupt service availability, according to vendor NTA Monitor's Web Application Security Report 2007.

A further 33 per cent of web sites have been found to contain critical vulnerabilities that are widely known and actively exploited by hackers, according to the survey of financial institutions, legal practices, universities and local government bodies.

Roy Hills, technical director at NTA Monitor, said: 'Web applications are accessible 24 hours a day, seven days a week and control sensitive data such as customer details, credit card numbers and proprietary corporate data.'

'With an ever increasing number of people using the internet for personal business such as banking, bill payments and shopping, and as a core part of their working lives in terms of remote working and resource sharing, it’s high time that organisations took greater steps towards protecting these revenue generating and efficiency enabling systems,' he said.

As the number, size and complexity of web applications increase, so does the risk exposure. Attackers focusing on web application security problems are actively developing tools and techniques for exploiting them.

NTA Monitor recommends an account lockout mechanism that locks accounts permanently or temporarily, to help prevent attackers from brute-forcing user accounts.
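A minimal sketch of such a lockout policy, added here as an illustration and not taken from NTA Monitor's report: it locks an account temporarily after repeated failures and permanently (until an administrator resets it) after repeated temporary lockouts. The class name, thresholds and in-memory store are assumptions chosen for the example.

```python
import time
from dataclasses import dataclass, field

# Assumed thresholds for illustration; the report does not specify values.
MAX_FAILURES = 5         # failures within the window that trigger a lock
WINDOW_SECONDS = 900     # only failures this recent are counted
TEMP_LOCK_SECONDS = 900  # length of a temporary lock
MAX_TEMP_LOCKS = 3       # this many temporary locks makes the lock permanent

@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0
    temp_locks: int = 0
    permanent: bool = False

class LockoutPolicy:
    def __init__(self, clock=time.time):
        self.clock = clock   # injectable so the policy can be tested
        self.accounts = {}   # username -> AccountState (in-memory only)

    def is_locked(self, user):
        st = self.accounts.get(user)
        return bool(st) and (st.permanent or self.clock() < st.locked_until)

    def record_attempt(self, user, success):
        """Return 'ok', 'failed', 'temp_locked' or 'perm_locked'."""
        st = self.accounts.setdefault(user, AccountState())
        now = self.clock()
        if st.permanent:
            return "perm_locked"
        if now < st.locked_until:
            return "temp_locked"  # a correct password is refused while locked
        if success:
            st.failures.clear()
            return "ok"
        # Drop failures that have aged out of the window, then add this one.
        st.failures = [t for t in st.failures if now - t < WINDOW_SECONDS] + [now]
        if len(st.failures) < MAX_FAILURES:
            return "failed"
        st.failures.clear()
        st.temp_locks += 1
        if st.temp_locks >= MAX_TEMP_LOCKS:
            st.permanent = True   # stays locked until admin_unlock()
            return "perm_locked"
        st.locked_until = now + TEMP_LOCK_SECONDS
        return "temp_locked"

    def admin_unlock(self, user):
        self.accounts.pop(user, None)
```

Because a permanent lock also shuts out the legitimate owner, the sketch reserves it for accounts that have already been temporarily locked several times.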

To help protect against keystroke loggers, the mouse and keyboard should both be used during login processes. For instance, users should be asked to use drop-down boxes or radio buttons as well as keying in details.