Most companies face security threat

According to the Open Web Application Security Project (OWASP), which has published a list of the most dangerous internet application security problems, the greatest threat comes from ignoring exploits that are well understood and documented.

OWASP said it was surprised to find that firms were not deploying countermeasures against well-known threats, noting that ‘the security issues raised here are not new’.

This view was endorsed by Dr Charles Pfleeger, master security architect at Cable and Wireless: ‘Flaws continue to be found in applications, even after nearly 50 years of programming experience. Worse, the same kinds of flaws appear over and over again.’

While welcoming OWASP’s report as an attempt to raise awareness of IT security issues, Quocirca strategy analyst Clive Longbottom pointed out that highlighting technical problems could fight only half the battle.

‘Just raising a list of problems in isolation will only provide a recipe for fear, uncertainty and dread,’ he warned.

‘Over 95% of UK companies are not large enough to employ dedicated IT security professionals and, as a result, most will not understand the difference between a command injection flaw and a cross-site scripting exploit.’
