Security researchers testing web hosting security have found at least one client-side vulnerability in all the platforms that were tested, with some allowing account takeover when the victim clicks a link or visits a malicious website. Websites hosted on Bluehost, Dreamhost, HostGator, OVH, or iPage were tested.
Providing comment is Javvad Malik, security advocate at AlienVault:
“The nature of software is such that nothing will ever be perfectly secure, and that includes web hosting. Companies should approach web hosting in the same way they would approach any third party or cloud provider. This includes having a thorough due diligence process to seek assurance that the web host is taking the right steps to try and identify and mitigate issues in a timely manner. Finally, companies should have their own incident response plans in place, separate to those of the web host.”