New research finds that websites contain flaws that allow hackers to access and attack systems.

By Rene Millman

4:27PM, Wednesday 21st March 2007

http://www.itpro.co.uk/security/news/108365/most-websites-can-be-easily-hacked.html

Most websites have vulnerabilities that could allow hackers to access systems or to launch Denial of Service (DoS) attacks, according to new findings.

The research, carried out by security consultants NTA Monitor, found that 90 per cent of organisations' websites contain one or more flaws that could allow external users to gain unauthorised system access or disrupt service availability. A further 33 per cent of websites were found to have widely known critical vulnerabilities that are actively exploited by hackers.

The company's Web Application Security Report 2007 found that attackers focusing on web application security problems are actively developing tools and techniques for exploiting them.

Roy Hills, technical director at NTA Monitor, said that with an increasing number of people using the internet for banking, shopping and bill payments it was "high time that organisations took greater steps towards protecting these revenue generating and efficiency enabling systems."

Hills recommended that organisations reduce the risk of having their website hacked by putting an account lockout mechanism in place that locks accounts permanently or temporarily, as this would help prevent attackers from being able to use brute force to access user accounts.
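A sketch of the lockout mechanism described above, as an added example that is not from the article or from NTA Monitor: repeated failures trigger a temporary lock, and repeated temporary locks escalate to a permanent one that needs an administrator to clear. The class name, thresholds and durations are assumptions chosen for illustration.

```python
import time

class AccountLockout:
    """Temporary lockout after repeated failures, escalating to permanent."""

    def __init__(self, max_failures=5, window=300, lock_seconds=900,
                 max_temp_locks=3, clock=time.monotonic):
        self.max_failures = max_failures      # failures tolerated per window
        self.window = window                  # seconds a failure stays counted
        self.lock_seconds = lock_seconds      # length of a temporary lock
        self.max_temp_locks = max_temp_locks  # lock events before permanent
        self.clock = clock                    # injectable so tests can move time
        self.state = {}                       # per-user lockout record

    def _entry(self, user):
        return self.state.setdefault(
            user, {"fails": [], "until": 0.0, "locks": 0, "perm": False})

    def status(self, user):
        e = self._entry(user)
        if e["perm"]:
            return "locked_permanent"
        if self.clock() < e["until"]:
            return "locked_temporary"
        return "open"

    def record_attempt(self, user, password_ok):
        """Call on every login attempt; True only if the login may proceed."""
        e = self._entry(user)
        # A locked account refuses even a correct password, so guessing
        # cannot continue while the lock is in force.
        if self.status(user) != "open":
            return False
        now = self.clock()
        if password_ok:
            e["fails"].clear()   # lock history is kept for escalation
            return True
        # Keep only failures inside the sliding window, then add this one.
        e["fails"] = [t for t in e["fails"] if now - t < self.window] + [now]
        if len(e["fails"]) >= self.max_failures:
            e["fails"].clear()
            e["locks"] += 1
            if e["locks"] >= self.max_temp_locks:
                e["perm"] = True
            else:
                e["until"] = now + self.lock_seconds
        return False

    def admin_unlock(self, user):
        self.state.pop(user, None)   # manual reset of a permanent lock
```

A permanent lock lets anyone who knows a username lock its owner out, so the choice between temporary and permanent locking is a trade-off between brute-force resistance and availability.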

He also said that meta characters such as single quotes, double quotes and semicolons should be avoided in order to minimise the threat of SQL injection attacks which, he said, were "a high risk vulnerability".

The advice comes a day after security company Zone-H found that 20,365 websites had been accessed and defaced by one hacker in 24 hours. The Turkish hacker, known as aLpTurkTegin, managed to access and deface the sites, including one for popular TV series Battlestar Galactica.