January 13, 2015

Weak passwords lead top 10 online vulnerabilities

techUK and the Cyber Crime Reduction Partnership release new guidance on the most common online threats.

By Ellie Burns

techUK and the Cyber Crime Reduction Partnership have identified the top ten online vulnerabilities, detailed in a guidance paper entitled ‘Securing Web Applications and Infrastructure’.

Released today, the guidance paper was the result of penetration tests over the last 12 months and advises on how users can protect themselves from the most common threats.

Aiming to reduce the impact and cost of cyber crime, the new guidance showed that the top 10 vulnerabilities are:

1. Account weaknesses, and especially a weak password policy
2. Secure Sockets Layer (SSL) issues
3. Cross site scripting (XSS)
4. Clear text protocol in use
5. No brute force protection
6. Directory listing
7. No ‘clickjacking’ protection
8. Cookies – not marked HttpOnly or not marked as Secure
9. Host configuration issues, especially firewall issues and IP leakage
10. Information disclosure, and especially user enumeration
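Several items on that list (clickjacking protection, cookie flags, cleartext transport, directory listing and version disclosure) are visible in a single HTTP response, so a defender can check for them mechanically. The following audit function is an added example and is not code from the guidance paper or from techUK; the header names and the regular expressions are standard HTTP, but the sample weak and hardened responses are constructed for illustration.

```python
"""Audit one HTTP response for configuration weaknesses from the top-10 list.

Covers: no clickjacking protection (7), cookies without HttpOnly/Secure (8),
no HSTS so browsers may still be steered to cleartext (2/4), directory
listing (6) and version information disclosure in the Server header (10).
Added example; the sample responses below are constructed, not real captures.
"""
import re


def parse_set_cookie(value):
    """Return (cookie_name, set_of_lowercase_attribute_names) for a Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(headers, body=""):
    """headers: list of (name, value) tuples as sent by the server.

    Returns a list of human-readable findings; an empty list means none of the
    checked weaknesses were observed in this response."""
    findings = []
    lowered = {}      # single-valued headers, keyed by lowercase name
    set_cookies = []  # Set-Cookie may legitimately repeat, so collect separately
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            set_cookies.append(value)
        else:
            lowered[key] = value

    # 7: clickjacking. Either X-Frame-Options or a CSP frame-ancestors
    # directive is an accepted fix; absence of both is the finding.
    csp = lowered.get("content-security-policy", "").lower()
    if "x-frame-options" not in lowered and "frame-ancestors" not in csp:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")

    # 8: cookie flags. HttpOnly keeps script away from the cookie;
    # Secure keeps it off cleartext connections.
    for raw in set_cookies:
        cookie_name, attrs = parse_set_cookie(raw)
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name}: missing HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name}: missing Secure")

    # 2/4: transport. Without HSTS the first request to the site can still be
    # made over a cleartext protocol before any redirect to TLS.
    if "strict-transport-security" not in lowered:
        findings.append("transport: no Strict-Transport-Security header")

    # 6: directory listing. Auto-generated indexes from common web servers
    # carry a title of the form "Index of /path".
    if re.search(r"<title>\s*Index of /", body, re.IGNORECASE):
        findings.append("directory listing: response looks like an auto-generated index")

    # 10: information disclosure. A Server header with a version component
    # ("Name/1.2.3") tells a visitor exactly which build is running.
    server = lowered.get("server", "")
    if re.search(r"/\d", server):
        findings.append(f"information disclosure: Server header reveals version ({server})")

    return findings


# Constructed sample: a response exhibiting five of the listed weaknesses.
WEAK_HEADERS = [
    ("Server", "Apache/2.4.7 (Ubuntu)"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Content-Type", "text/html"),
]
WEAK_BODY = "<html><head><title>Index of /backup</title></head></html>"

# Constructed sample: the same response after applying the well-established fixes.
HARDENED_HEADERS = [
    ("Server", "Apache"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("X-Frame-Options", "DENY"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Type", "text/html"),
]
HARDENED_BODY = "<html><head><title>Home</title></head></html>"


if __name__ == "__main__":
    for label, hdrs, body in (("weak", WEAK_HEADERS, WEAK_BODY),
                              ("hardened", HARDENED_HEADERS, HARDENED_BODY)):
        print(f"== {label} ==")
        for finding in audit_response(hdrs, body) or ["no findings"]:
            print("  ", finding)
```

Run against the weak sample the audit reports six findings (two of them for the one cookie); against the hardened sample it reports none. The checks are deliberately conservative: a missing header is reported as a finding, but a present header is not validated beyond its name, so a review of the actual values (for example the HSTS max-age) still belongs to the person reading the output.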

Gordon Morrison, Director of Tech for Government at techUK, explains: "These threats may not be new, but all still pose a real risk to UK web users. The good news for businesses and citizens is that there are well established fixes available to protect against these vulnerabilities and avoid falling victim to cyber crime."

In addition to identifying the top ten online vulnerabilities, the guidance also details best practice steps users can take in order to minimise risk.

The paper highlights PAS 754, Software Trustworthiness – Governance and Management – Specification, which was developed by BSI in consultation with stakeholders. It sets out the processes and procedures which organisations can apply to help them identify and employ trustworthy software. The specification defines the five aspects of software trustworthiness: safety, reliability, availability, resilience and security.


It describes a widely applicable approach to achieving software trustworthiness, which is based on the following concepts:

– Governance: Before producing or using any software which has a trustworthiness requirement, an appropriate set of governance and management measures shall be set up.

– Risk assessment: The risk assessment process involves considering the set of assets to be protected, the nature of the adversities that may be faced, and the way in which the software may be susceptible to such adversities.

– Control application: Risk shall be managed through the application of appropriate personnel, physical, procedural and technical controls.

– Compliance: A compliance regime shall be set up to ensure that creators and users of software ensure that governance, risk and control decisions have been implemented.
