About two third of the largest Dutch webshops are lagging security. In 38% of the cases a serious security leak was discovered. The research was done by Consumentenbond and Onvio. The webshops where checked for the most eminent and known threats. In one case the complete client database was visible after an SQL injection, which uses a vulnerability in the connection between website and database. The cross-site-scripting-lek (XSS) causes the 38% of serious leaks. In these cases cookies aren’t processed in the right way. This opens the possibility to integrate a different payment site. Some webshops have fixed the problem, but in over half of the cases they did not respond to Consumentenbond.
