A leading software security engineer at Mozilla has used her self-designed tool – Mozilla Observatory – to expose flaws in website security.
April King used her Observatory tool to uncover the startling statistic that just over 93 per cent of the largest websites around the globe are failing to utilise security systems that could protect their visitors from cyberattacks.
In-depth security checks
According to an article in Security Week, the Observatory program runs several tests, including checks for CORS (Cross-Origin Resource Sharing), HSTS (HTTP Strict Transport Security), CSP (Content Security Policy) and HPKP (HTTP Public Key Pinning).
Using Observatory, Ms King has tested over one million websites, only to discover that the vast majority are failing to take advantage of the many available security technologies that could make them less vulnerable to attacks by cybercriminals. The results show that only around 30 per cent of the websites tested made use of HTTPS, and less than seven per cent made appropriate use of the other security measures available to them.
Improvements being implemented
The initial scan of one million of the largest websites in the world took place in August 2016. Ms King ran a further scan in October of the same year, followed by another in June 2017. She noted that, following her initial scan, over 40,000 websites had managed to improve their security ratings, which she believes to be an extremely promising response.
Keeping abreast of online security requires in-depth knowledge of the industry; therefore, most website owners choose to outsource security to a skilled professional London web design company such as https://www.redsnapper.net/. Professionals have specific skills that enable them to check your website for potential security loopholes and close them before hackers and cybercriminals can exploit them.
Pointing out that Observatory is designed with a focus on website development, Ms King suggested that owners of sites given a low security grade should keep calm about the findings of her report. The bar for the program’s grading system has been set deliberately high to promote web security best practices; therefore, a low grade should serve as an early warning of potential problems. Ms King advises looking at the program’s recommendations to see whether implementing some, or all, of them could improve security in the future.