techUK has released new guidance which reveals the top ten web vulnerabilities and provides advice on how users can protect themselves from the most common threats. “Securing Web Applications and Infrastructure,” which was recently released in association with the Home Office, identifies best practices that will help reduce the impact and cost of cyber crime in the UK.
Penetration tests conducted over the last 12 months demonstrated that although there are new threats emerging, well known vulnerabilities are still the most common. The results show that the top 10 online vulnerabilities are:
1. Account weaknesses, and especially a weak password policy
2. Secure Sockets Layer (SSL) issues
3. Cross site scripting (XSS)
4. Clear text protocol in use
5. No brute force protection
6. Directory listing
7. No ‘clickjacking’ protection
8. Cookies – not marked HttpOnly or not marked Secure
9. Host configuration issues, especially firewall issues and IP leakage
10. Information disclosure, and especially user enumeration
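A small audit of a captured HTTP response against items 4, 6, 7 and 8 of the list above, added here as an example and not part of the techUK guidance; the two sample responses and the URL are constructed, and the function names are this example's own.

```python
import re
from typing import List, Tuple

# Constructed sample: a weak response (http://, no framing protection,
# a cookie without HttpOnly/Secure, and a directory listing page).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: csrf=xyz; Path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Index of /backup</title></head></html>"
)

# Constructed sample: the same response with the fixes applied.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Home</title></head></html>"
)

def parse_response(raw: str) -> Tuple[List[Tuple[str, str]], str]:
    """Split a raw response into (lowercased-name, value) headers and body.
    Headers are kept as a list so repeated Set-Cookie lines survive."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body

def audit_response(raw: str, url: str) -> List[str]:
    """Return one finding string per weakness detected in the response."""
    findings = []
    headers, body = parse_response(raw)
    if url.lower().startswith("http://"):
        findings.append("clear-text protocol: resource served over http://")
    names = {n for n, _ in headers}
    csp = " ".join(v for n, v in headers if n == "content-security-policy")
    if "x-frame-options" not in names and "frame-ancestors" not in csp.lower():
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    for n, v in headers:
        if n != "set-cookie":
            continue
        cookie_name = v.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in v.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name!r} not marked HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} not marked Secure")
    if re.search(r"<title>\s*Index of /", body, re.IGNORECASE):
        findings.append("directory listing appears enabled")
    return findings
```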
Gordon Morrison, Director of Tech for Government at techUK, explains: “These threats may not be new, but all still pose a real risk to UK web users. The good news for businesses and citizens is that there are well established fixes available to protect against these vulnerabilities that can help users avoid falling victim to cyber crime.”
In addition to individual solutions, the UK has succeeded in classifying what constitutes good software engineering. PAS 754, Software Trustworthiness – Governance and Management – Specification was developed by BSI, the business standards company, in consultation with stakeholders. It sets out the processes and procedures that organisations can apply to help them identify and employ trustworthy software. The specification defines the five aspects of software trustworthiness: safety, reliability, availability, resilience, and security.
“Securing Web Applications and Infrastructure” can be downloaded here.
About techUK
More than 850 companies are members of techUK. Collectively they employ more than 500,000 people, about half of all tech sector jobs in the UK. These companies range from leading FTSE 100 companies to new innovative start-ups. The majority of our members are small and medium sized businesses.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.