MELBOURNE, AUSTRALIA: Web developers are not putting enough importance on ensuring websites and applications are secure, leading to the onslaught of security breaches many high-profile companies have faced in recent times, according to Ovum.
In a new report, the independent technology analyst claims that attacks on the web facilities of companies such as Sony have happened due to a lack emphasis on security when they were built.
The report states that web developers are placing too much importance on “cosmetics” such as the look, speed, and ease of access, and not enough on writing secure code, leaving websites and applications vulnerable to hackers.
Andy Kellett, Ovum analyst and author of the report, commented: “Over the past three years, many respected companies and their web facilities have been targeted by malware. Recent examples include Sony, RSA, and several financial institutions, proving that even the most well-respected organisations can be compromised.
“In the past developers have put too much emphasis on web cosmetics, the look and feel, the speed, and the ease of access. Not enough importance has been placed on the requirement to write secure code and deliver a hardened infrastructure.
“As a result, during the last three years, up to 70 per cent of the web’s top 100 sites have either hosted malicious content, or have contained redirect facilities to illegitimate websites. The latest breach reports show that the problem has not gone away and the threat to commercial websites continues.”
According to the report, real-time analysis and inspection of web pages and their content is required to ensure that users remain safe. The report also finds that the data-protection element of the technology has a growing role to play in protecting businesses from the malicious attacks of hackers keen to steal high-value data.
Kellett added: “The use of Web 2.0 services, the requirement for social media access in a business and personal context, and the introduction of an increasing number of new mobile devices mean that the real-time elements of web protection have to deal with the combined requirements of corporate and social use.”