One in seven major-company websites in the UK have security flaws that can lead to leaks of credit card details, business intellectual property and the like.
That's according to research by US-based Bkav Internet Security, which tested just under 500 websites belonging to companies in “the top ranks of the stock market” across 24 countries. It found problems with 15 percent of UK and European sites and 22 percent globally.
Bkav looked for critical vulnerabilities including XSS (cross-site scripting), SQL injection, blind SQL injection and others, with the worst site registering 407 separate vulnerabilities. The average number among problem sites was 10-20.
Bkav said this failure rate was “really high” and added: “22 percent of websites having vulnerabilities constitute a ‘fertile land’ for any hackers with even basic IT knowledge to intrude into the website systems of companies. Based on successful intrusion, hackers can escalate privilege to steal information. Furthermore, normal users might be affected because when a website is attacked and dropped with malware, accessing it might make users’ computers become victims.”
The report concludes there are two main problems: “Organisations do not have regular website security testing procedures to detect existing risks in their websites, so as to have timely solutions. Secondly, website developers do not have adequate knowledge of security, hence they might make basic mistakes when developing websites.”