Network Computing is part of the Informa Tech Division of Informa PLC

Strategic Security: Web Applications Scanners

 
 

Web 2.0 encompasses lots of big ideas, but we've found it's the concept of RIAs that keeps many information security pros awake at night. Splitting intelligence between server and client, as is done with Rich Internet Applications, is a fundamental shift ... and a risky one given the sad state of browser security. Moreover, while it affects only a subset of RIAs, the Ajax development model has both momentum and traits that make eliminating vulnerabilities a real challenge.

Web application scanners can help, but implementation is tricky. For this Rolling Review, we decided that instead of simply focusing on boxed Web application scanners, we'd consider the entire decision-making process. What we found are at least four distinct paths to RIA and Ajax security. (For more on what we plan to test, see our Web Application Scanners Rolling Review scenario box.)

Targeting The Rich
