Thursday 10 April 2008, 11:43 AM
Is Your Web Site Vulnerable?
NTA Monitor recently released some statistics which are enough to put the fear of God into any owner of an e-commerce site.
Allegedly, 60% of Web application tests performed for UK organisations showed that their Web sites contained weak encryption or cross-site scripting (XSS) vulnerabilities. Furthermore, over three quarters (78%) of Web sites tested contained one or more medium level risk that may enable external users to gain unauthorised access or disrupt service availability.
So what does this actually mean? Some applications are vulnerable to cross-site scripting attacks, in which an attacker (for example via a link on a hostile Web site) gets potentially malicious code such as JavaScript commands into a page your site returns, so that the code runs in your visitor’s browser and can misdirect or compromise it. This can enable the attacker to collect sensitive information such as passwords and card payment details.
Web applications are commonly the most vulnerable part of an organisation’s network, as they necessarily allow Internet users to input and access data. Content and design are frequently altered in order to keep up with the demand for new features and functionality, but even simple changes could produce a new vulnerability that may threaten confidential information.
To reduce your risk you should apply a hardening and patching procedure to all Internet-facing Web servers, use strong encryption (128-bit SSL) for all sensitive details - such as credit card numbers and passwords - and properly sanitise all user-supplied data before returning it to the browser or storing it in a database.
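The "sanitise before returning it to the browser" step is usually done by encoding user-supplied values for the HTML context they land in. The following is an added example, not code from the original post: it shows a vulnerable comment renderer next to a hardened one, with a small `escapeHtml` helper. The template, the function names and the sample comment are constructed for illustration.

```javascript
// Added example (not from the original post): HTML output encoding as the
// "sanitise before returning it to the browser" step the post recommends.
// The template and the sample input below are constructed for illustration.

// Escape the five characters that can break out of an HTML text or
// attribute context. Encoding on output keeps the user's text intact while
// stopping the browser from interpreting it as markup. '&' must go first so
// that the entities produced by the later replacements are not re-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: user-supplied text is concatenated straight into the page,
// so any markup in it is rendered and any script in it is executed.
function renderCommentUnsafe(author, comment) {
  return `<p class="comment"><b>${author}</b>: ${comment}</p>`;
}

// Hardened: every user-supplied value is encoded for the HTML text context
// it is placed in before the fragment is returned to the browser.
function renderCommentSafe(author, comment) {
  return `<p class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(comment)}</p>`;
}

// Simple check for use in a test suite: does a rendered fragment still
// contain a raw <script> tag? A heuristic for catching regressions, not a
// replacement for encoding on output.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample input: a comment carrying a harmless script tag.
const sampleAuthor = 'visitor';
const sampleComment = '<script>alert(1)</script>';

console.log('unsafe: ' + renderCommentUnsafe(sampleAuthor, sampleComment));
console.log('safe:   ' + renderCommentSafe(sampleAuthor, sampleComment));
```

The hardened renderer returns `<p class="comment"><b>visitor</b>: &lt;script&gt;alert(1)&lt;/script&gt;</p>`, which the browser displays as literal text. Note that `escapeHtml` is only correct for HTML text and quoted attribute values; a value placed inside a JavaScript block, a URL or a CSS rule needs the encoding for that context instead.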