Top Ten Attacks Hiding Beneath Web 2.0

by smoa on 2006-10-19 16:56:19

Web 2.0 is a recent term used to describe the next generation of web applications; Start.com, Google Maps, Writely, and MySpace.com are all examples built on it. Continuous advances in technology have driven the development of Web 2.0 applications. On the service side, the core technical components on the server have been strengthened, while on the client side, AJAX and Rich Internet Applications (RIA) improve the user interface inside the browser.

XML has had a significant impact on both the presentation layer and the transport layer (HTTP/HTTPS). Once SOAP became a common choice for XML-based transport, XML to some extent replaced HTML at the presentation layer.

Focus of Web2.0 — Industry Restructuring

These technological changes have brought new security concerns and new methods of attack. Worms such as Yamanner, Samy, and Spaceflash have attacked the client side of AJAX architectures; because that side holds confidential information, it opens new pathways for attack.

On the server side, XML-based web services are replacing some critical functionality. They provide distributed applications that are reachable through web service interfaces, and users can remotely invoke methods over GET, POST, or SOAP from the browser, which introduces new vulnerabilities into these applications. In addition, RIA frameworks built on XML, XUL, Flash, applets, and JavaScript add further avenues of attack. RIA, AJAX, and web services together add new dimensions to web application security.