The Bundesamt für Sicherheit in der Informationstechnik (BSI), part of the German Ministry of Internal Affairs, has investigated web shops which show that they are often unsafe.
Seven out of ten researched webshop platforms use vulnerable JavaScript libraries. In addition, almost all solutions had inadequate password policies and nearly half of the products use end-of-life software that is no longer supported with security updates. This often concerns external libraries. A total of 78 security vulnerabilities were identified, of which ten have been identified as critical.
The BSI calls on developers of webshop software to immediately release updates for the vulnerabilities found and calls on administrators of webshops to roll them out in a timely manner or otherwise switch to safe products. “The current research shows that the responsibility for safe online shopping lies with both the supplier and the retailer,” says BSI Vice President Gerhard Schabhüser. To prevent data leaks, software suppliers should perform vulnerability analyzes much more often, according to the BSI.
