Web Sites Pretty, But Not Secure

Friday, August 26, 2011 @ 04:08 PM gHale

Web developers are not putting enough importance on ensuring websites and applications are secure, leading to the onslaught of security breaches for high-profile companies, according to new report from Ovum.

Attacks on web sites of companies such as Sony occurred because of a lack of emphasis on security in the building process, the report said.

Hershey Hacked; Recipe Altered
Attacks Grow with Web App
Old Browser Plug-ins Big Attack Target
Trojan Sticks it to Super Glue

Web developers are placing too much importance on “cosmetics” such as the look, speed, and ease of access, and not enough on writing secure code, leaving websites and applications vulnerable to hackers, said the report from the London-based technology industry analyst firm.

“Over the past three years, many respected companies and their web facilities have been targeted by malware,” said Andy Kellett, Ovum analyst and author of the report. “Recent examples include Sony, RSA, and several financial institutions, proving that even the most well-respected organizations can be compromised.”

“In the past, developers have put too much emphasis on web cosmetics, the look and feel, the speed, and the ease of access,” he said. “Not enough importance has been placed on the requirement to write secure code and deliver a hardened infrastructure”.

“As a result, during the last three years, up to 70 percent of the web’s top 100 sites have either hosted malicious content, or have contained redirect facilities to illegitimate websites.”

“The latest breach reports show that the problem has not gone away and the threat to commercial websites continues.”

Real-time analysis and inspection of web pages and their content needs to occur to ensure users remain safe, the report said. The data-protection element of the technology has a growing role to play in protecting businesses from the malicious attacks of hackers keen to steal high-value data, the report said.

“The use of Web 2.0 services, the requirement for social media access in a business and personal context, and the introduction of an increasing number of new mobile devices mean that the real-time elements of web protection have to deal with the combined requirements of corporate and social use,” Kellett said.

Leave a Reply

You must be logged in to post a comment.