Web application security holes and Christmas shopping

Results from IMRG predict online shopping to hit £180 million per day leading up to Christmas – more than double the £82 million average for the rest of the year. But with retail web applications being bombarded by Christmas shoppers, will they also be able to cope with the inevitable rise of security threats?

A lack of focus on web application security, less rigour in Web programming, increasingly complex software, and restrictions on Web security testing have combined to make flaws in Web software the most reported security issues this year. Today, 7 out of 10 web sites are vulnerable to cross-site scripting, the most serious threat of data compromise.

Yet even when regulations are in place to support the security of web applications, the web application security experts Bee Ware have found that organisations are unaware of them or are merely paying lip service.

“Less than 5% of commercial organisations currently comply with the PCI standard,” commented Malcolm Skinner, Bee Ware’s international marketing director.

“And it is not just the commercial sector that has been found wanting – our research has found that out of 200 local councils surveyed in the UK only 15 are actually aware of their obligations under the new PCI 1.1 regulations, which actually mandate the requirement for secure web applications.

“With the move to greater use of web technologies the issue of web application and web services security cannot be ignored. These technologies lead directly to personal information in databases and intellectual property – a far more important risk issue to tackle than the latest virus,” continued Skinner.
