Most websites can be "easily hacked"
New research finds that websites contain flaws that allow hackers to access and attack systems.
Most websites have vulnerabilities that could allow hackers to access systems or to launch Denial of Service (DoS) attacks, according to new findings.
The research carried out by security consultants NTA Monitor, found that 90 per cent of organisations' websites contain at least one or more flaws that could allow external users to gain unauthorised system access or disrupt service availability. A further 33 per cent of websites were found to have widely known critical vulnerabilities that are actively exploited by hackers.
The company's Web Application Security Report 2007 found that attackers focusing on web application security problems are actively developing tools and techniques for exploiting them.
Roy Hills, technical director at NTA Monitor said that with an increasing number of people using the internet for banking, shopping and bill payments it was "high time that organisations took greater steps towards protecting these revenue generating and efficiency enabling systems."
Hills recommended that organisations reduce the risk of having their website hacked by having an account lockout mechanism in place to put stops on accounts permanently or temporarily, as this would help prevent attackers from being able to use brute force to access user accounts.
He also said that meta characters such as single quotes, double quotes and semi colons should be avoided in order to minimise the threat of SQL injection attacks which, he said, were "a high risk vulnerability".
The advice comes a day after security company Zone-H found that 20,365 websites had been accessed and defaced by one hacker in 24 hours. The Turkish hacker, known as aLpTurkTegin, managed to access and deface the sites, including one for popular TV series Battlestar Galactica.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.