Web site security undermined by poor development

Spate of recent Web breaches due to developers placing importance on style over security, new study finds. Real-time analysis and inspection of content recommended for boosting security.

A number of recent high-profile security breaches that afflicted companies such as Sony and RSA can be attributed to developers who placed more importance on style than on security elements, a new report stated.

According to an Ovum report that was released Monday, Web developers are currently focusing too much of their energy on the "cosmetics" of Web site design, such as the look, speed and ease of access to the site.

As a result, Web site builders are not spending enough time writing secure code and delivering a hardened infrastructure, which leaves companies' Web sites and applications vulnerable to hackers and attacks, it stated.

Andy Kellett, Ovum analyst and author of the report, pointed out that during the last three years, up to 70 percent of the Web's top 100 sites have either hosted malicious content or contained redirect facilities to illegitimate Web sites.

"Over the past three years, many respected companies and their Web facilities have been targeted by malware. Examples include Sony, RSA and several financial institutions, proving that even the most well-respected organizations can be compromised," said the analyst.

Kellett also noted that the report shows that the problem has not gone away and the threat to commercial Web sites continues.

Closing the gap
That said, companies appear to have recognized the need to plug this security gap. Ovum noted in the report that spending on Web security will grow at a compound annual growth rate (CAGR) of 8 percent between 2011 and 2015. This is higher than other mainstream security areas, it noted.

The research firm urges companies to look into real-time analysis and inspection of Web pages and content in order to ensure users remain safe. In fact, there is a need for deep content inspection facilities, which operate alongside the ability to monitor, report on, and block suspect content, it pointed out.

Kellett added: "The use of Web 2.0 services, the requirement for social media access in a business and personal context, and the introduction of an increasing number of new mobile devices mean that the real-time elements of Web protection have to deal with the combined requirements of corporate and social use."