Most websites can be "easily hacked"

New research finds that websites contain flaws that allow hackers to access and attack systems.

Most websites have vulnerabilities that could allow hackers to access systems or to launch Denial of Service (DoS) attacks, according to new findings.

The research carried out by security consultants NTA Monitor, found that 90 per cent of organisations' websites contain at least one or more flaws that could allow external users to gain unauthorised system access or disrupt service availability. A further 33 per cent of websites were found to have widely known critical vulnerabilities that are actively exploited by hackers.

The company's Web Application Security Report 2007 found that attackers focusing on web application security problems are actively developing tools and techniques for exploiting them.

Roy Hills, technical director at NTA Monitor said that with an increasing number of people using the internet for banking, shopping and bill payments it was "high time that organisations took greater steps towards protecting these revenue generating and efficiency enabling systems."

Hills recommended that organisations reduce the risk of having their website hacked by having an account lockout mechanism in place to put stops on accounts permanently or temporarily, as this would help prevent attackers from being able to use brute force to access user accounts.

He also said that meta characters such as single quotes, double quotes and semi colons should be avoided in order to minimise the threat of SQL injection attacks which, he said, were "a high risk vulnerability".

The advice comes a day after security company Zone-H found that 20,365 websites had been accessed and defaced by one hacker in 24 hours. The Turkish hacker, known as aLpTurkTegin, managed to access and deface the sites, including one for popular TV series Battlestar Galactica.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021
Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌
Google Docs

Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌

14 Jun 2021
The complete guide to building a security awareness programme that works
Whitepaper

The complete guide to building a security awareness programme that works

14 Jun 2021
2021 state of the phish
Whitepaper

2021 state of the phish

14 Jun 2021

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021