Organisations fail to address cross-site scripting attacks

According to a report from IT testing company NTA Monitor, 7% of sites fall under the high-risk security category, compared to 5% in 2009.

Roy Hills, technology director at NTA, said that companies are failing to address security weaknesses when they arise. "It is important that organisations remember that testing their sites will only indicate where they are deficient and they need to take action as soon as they are made aware of the problems," he said.

NTA Monitor found that cross-site scripting (XSS) vulnerabilities were still a problem for many websites.

With the introduction of Web 2.0, it has become essential for an application to accept more user input to enhance the user experience.

Without proper input validation mechanisms, an application can open up more areas for an attacker to exploit.

Other factors, such as an unresponsive third-party supplier that owns the underlying code, can also contribute to the prevalence of the issue, NTA Monitor said.

The public sector was identified as the most high-risk, with its average number of vulnerabilities almost double that of 2009.

The report added that government security breaches are likely to increase due to the impact of impending spending cuts.

This follows a series of high-profile government breaches.

Manufacturing, legal services and IT & telecoms were also found to have websites among the most vulnerable to hackers.

This story was first published by Computer Weekly
