Australian experts say they have come up with a simple tool to make websites more secure and curb hacking. 

Researchers have developed a scanning tool to make websites less vulnerable to hacking and cyberattacks.

The black box security assessment prototype, tested by engineers in Australia, Pakistan and the UAE, is more effective than existing web scanners which collectively fail to detect the top 10 weaknesses in web applications.

Cybercrime cost the world $6 trillion in 2021, reflecting a 300 per cent hike in online criminal activity in the past two years.

Remote working, cloud-based platforms, malware and phishing scams have led to skyrocketing data breaches, while the rollout of 5G and Internet of Things (IoT) devices has made us more connected - and vulnerable - than ever.

Due to the widespread adoption of eCommerce, iBanking and eGovernment sites, web applications have become a prime target of cybercriminals who want to steal individual and company information and disrupt business activities.

Existing web scanners are falling way short when it comes to assessing  vulnerabilities, according to UniSA mechanical and systems engineer Dr Yousef Amer. 

“We have identified that most of the publicly available scanners have weaknesses and are not doing the job they should,” he says.

Nearly 72 per cent of organisations have suffered at least one serious security breach on their website, with vulnerabilities tripling since 2017.

WhiteHat Security, a world leader in web application security, estimates that 86 per cent of scanned web pages have on average 56 per cent vulnerabilities. Among these, at least one is classified as critical.

The researchers compared 11 publicly available web application scanners against the top 10 vulnerabilities.

“We found that no single scanner is capable of countering all these vulnerabilities, but our prototype tool caters for all these challenges. It’s basically a one-stop guide to ensure 100 per cent website security,” Dr Amer says.

“There’s a dire need to audit websites and ensure they are secure if we are to curb these breaches and save companies and governments millions of dollars.”

The researchers are now seeking to commercialise their prototype.

More details are accessible here.