The Joys of Scaremongering

According to a report I’ve just glanced over, 9 out of 10 websites are “sitting ducks”. The article lists a whole range of problems that websites have, ranging from Cross-Site Scripting (XSS) exploits to Cross-Site Request Forgery (CSRF). With such a range of issues most websites seem to have, it’s a wonder there are any sites still around on the Internet!

Obviously, White Hat Security, the company who came up with the report, recommends taking action as quickly as possible.

It’s reports like that that give security companies a bad name. It’s preposterous to claim that it’s only a matter of time before most websites will be run over by vermin and spontaneously combust. And if you don’t have alarm system monitoring you’d never even know about it!

I agree with their assessment; it would be good advice to follow:

.. finding and prioritizing all Web site properties by designating their importance to the business and a party responsible for their security; finding and fixing Web site vulnerabilities by assessing them for weaknesses with each code change; remediation of vulnerabilities done on a schedule based on severity; implementing a secure software development process using an organizational standard development framework; and implementing an in-depth Web site vulnerability management strategy.

But if I had to choose a company to supply my security services, White Hat Security would be the last company I hire!