Is Web 2.0 Inherently Insecure?

Upcoming Events

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

Email Print Share

0 Comments

Is Web 2.0 Inherently Insecure?

Posted by Jordan Wiens on April 12, 2007

Ajax applications may be less secure than standard Web applications. At a minimum, splitting an app into two distinct programmatic components--one for the browser, one for the server--appears to open up Ajax-specific vulnerabilities.

Although the "X" in Ajax stands for XML, many Web 2.0 apps don't actually use XML as a container for the data being sent to and from the client and server. Instead, they pass data as a JavaScript object or as code that can be evaluated in JavaScript, simplifying client-side processing.

The problem--recently highlighted in a Fortify Software advisory and originally described over a year ago--is that this approach leaves users vulnerable, in particular, to cross-site request forgery attacks. In such an attack, a Web site can cause your browser to make requests to another domain name with your current session cookie for that site and access the returned data by overriding default JavaScript functions.

This means a lot of Ajax applications must be updated. If the framework developers can't get it right, what are the odds that an average developer can keep Ajax apps secure? --Jordan Wiens, jwiens@nwc.com

0 Comments

Add Comment

Add Your Comment:

Disk Storage, Heal Thyself

No-maintenance RAID arrays will deliver more efficiency and higher performance, and save money to boot by obviating expensive maintenance plans through built-in spares and other self-healing features. IT groups, especially those with remote locations, could save themselves a bundle by adopting this technology sooner rather than later.

Silo to Gold Mine: What CMIS Can (and Can't) Do for ECM Integration

Enterprises know they could wring more value from their enterprise content management system investments. Unfortunately, integration and interoperability are sticking points. In this Strategy Session report, we investigate whether Oasis' new open Content Management Integration Services standard could be the answer to these woes.

Download: 10 Gotchas That Derail ECM Initiatives

Enterprise content management deployments are fraught with dangers, such as weak search capabilities and poor requirements definitions, that can grind projects to a halt. This report helps CIOs and project leaders move beyond gridlock, choose the right tools and foster seamless integration.

Video

Network Computingwww.networkcomputing.com

Home

News and Analysis

Tech Centers

Channels

Bloggers

Upcoming Events

Executive conference

Vendor Newsfeed

Subscribe to Newsletter

Is Web 2.0 Inherently Insecure?

Posted by Jordan Wiens on April 12, 2007

Add Your Comment:

Premium Content

Disk Storage, Heal Thyself

Silo to Gold Mine: What CMIS Can (and Can't) Do for ECM Integration

Download: 10 Gotchas That Derail ECM Initiatives

Video

Most Popular

Whitepapers

BlogRoll