NWC Print
Aug 2008

Is Web 2.0 inherently insecure?

 
By Jordan Wiens

Ajax applications may be less secure than standard Web applications. At a minimum, splitting an app into two distinct programmatic components—one for the browser, one for the server—appears to open up Ajax-specific vulnerabilities.

Although the ‘X’ in Ajax stands for XML, many Web 2.0 apps don’t actually use XML as a container for the data being sent to and from the client and server. Instead, they pass data as a JavaScript object or as code that can be evaluated in JavaScript, simplifying client-side processing.

The problem—recently highlighted in a Fortify Software advisory and originally described over a year ago—is that this approach leaves users vulnerable, in particular, to cross-site request forgery attacks. In such an attack, a Web site can cause your browser to make requests to another domain name with your current session cookie for that site, and access the returned data by overriding default JavaScript functions.
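The root of the problem above is that a bare JSON array is itself a valid script, so any page can load it with a script tag and the browser will send the victim's cookie along. As an added example (not from the article or from Fortify's advisory), the snippet below shows two defensive measures a server can apply: prefix the response with a token that makes it unparseable as a script, and accept only requests carrying a custom header that a cross-site script tag cannot set. The prefix string, header name and sample record are assumptions.

```javascript
// Added example: defensive pattern for "JSON that is also JavaScript".
// Prefix value and header name are assumptions, not from the article.
const GUARD_PREFIX = ")]}',\n";

// Server side: emit JSON that is NOT a valid script on its own, so a
// cross-domain <script src="..."> include fails to parse before it can
// hand the data to the including page.
function serializeGuarded(data) {
  return GUARD_PREFIX + JSON.stringify(data);
}

// Server side: a <script> tag cannot attach custom headers, but same-origin
// XMLHttpRequest code can, so require one before answering with user data.
function isLegitimateAjaxRequest(headers) {
  const lowered = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  return lowered['x-requested-with'] === 'XMLHttpRequest';
}

// Client side: the app's own XHR code strips the prefix before parsing.
// Refuse to parse a body without it, so a misconfigured endpoint is noticed.
function parseGuarded(body) {
  if (!body.startsWith(GUARD_PREFIX)) {
    throw new Error('missing guard prefix: refusing to parse');
  }
  return JSON.parse(body.slice(GUARD_PREFIX.length));
}

// Check: would the browser accept this body as a script? The Function
// constructor is used only to parse the text, never to run it.
function parsesAsScript(body) {
  try { new Function(body); return true; } catch (e) { return false; }
}

// Constructed sample record standing in for an Ajax endpoint's response.
const sample = [{ id: 1, email: 'user@example.invalid' }];

console.log('bare JSON parses as script:', parsesAsScript(JSON.stringify(sample)));
console.log('guarded JSON parses as script:', parsesAsScript(serializeGuarded(sample)));
console.log('same-origin XHR round trip:', parseGuarded(serializeGuarded(sample)));
```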

This means a lot of Ajax applications must be updated. If the framework developers can’t get it right, what are the odds that an average developer can keep Ajax apps secure?
