Top 10 Web 2.0 attack vectors

Short Description
Web 2.0 is the term coined for the new generation of Web applications; start.com, Google Maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand, Web services are empowering server-side core technology components; on the other hand, AJAX and Rich Internet Application (RIA) clients are enhancing client-end interfaces in the browser itself. XML is making a significant impact at both the presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer, while SOAP is becoming the XML-based transport mechanism of choice.

Website: www.net-square.com | Filesize: 29kb
No of Page(s): 4

Content
This technological transformation is bringing new security concerns and attack vectors into existence. Worms of the Yamanner, Samy and Spaceflash type exploit "client-side" AJAX frameworks, providing new avenues of attack and compromising confidential information. On the "server-side", XML-based Web services are replacing some key functionality and providing distributed application access through Web services interfaces. These remote capabilities to invoke methods over GET, POST or SOAP from the Web browser itself provide new openings into applications. On the other side, RIA frameworks built on XML, XUL, Flash, Applets and JavaScript add further possible vectors. RIA, AJAX and Web services are adding new dimensions to Web application security.
Here is the list of 10 attack vectors along with a brief overview of each:
1. Cross-site scripting in AJAX. In the last few months, several cross-site scripting attacks have been observed in which malicious JavaScript code from a particular Web site gets executed in the victim's browser, thereby compromising information. A recent example is the Yamanner worm, which exploited cross-site scripting opportunities in Yahoo Mail's AJAX calls. Another recent example is the Samy worm, which exploited a cross-site scripting flaw on MySpace.com. AJAX code executes on the client side, so an incorrectly written script can be exploited by an attacker. The attacker only needs to craft a malicious link that coaxes unsuspecting users into visiting a certain page from their Web browsers. This vulnerability existed in traditional applications as well, but AJAX has added a new dimension to it.
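The paragraph above describes the flaw but not the client-side pattern that produces it: an AJAX response whose fields are concatenated straight into markup and handed to the DOM. The following is an added example, not code from the paper or from net-square, showing a vulnerable renderer beside its hardened form together with a small check that flags unexpected tags in rendered output. It runs under Node without a browser by building the HTML string the client would otherwise assign to innerHTML; the message object, the field names and the function names are all constructed for this illustration.

```javascript
// Constructed sample: a JSON message as an AJAX call might return it.
// The "body" field carries text that an attacker could have authored.
const SAMPLE_MESSAGE = {
  from: 'alice',
  body: 'hi <img src=x onerror="alert(1)">',
};

// Minimal HTML escaping for text placed in element content or quoted attributes.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: response fields dropped into the template unescaped.
// Assigning this string to element.innerHTML lets the injected tag execute.
function renderMessageUnsafe(msg) {
  return `<div class="msg"><b>${msg.from}</b>: ${msg.body}</div>`;
}

// Hardened pattern: every untrusted field is escaped before it becomes markup,
// so the browser renders the attacker's text literally instead of parsing it.
function renderMessageSafe(msg) {
  return `<div class="msg"><b>${escapeHtml(msg.from)}</b>: ${escapeHtml(msg.body)}</div>`;
}

// Review/test helper: does the rendered fragment contain any tag the template
// itself does not emit? Any extra tag name means untrusted data became markup.
const TEMPLATE_TAGS = new Set(['div', '/div', 'b', '/b']);
function hasUnexpectedTags(html) {
  const tagNames = [...html.matchAll(/<\s*(\/?[a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tagNames.some((name) => !TEMPLATE_TAGS.has(name));
}

console.log('unsafe :', renderMessageUnsafe(SAMPLE_MESSAGE));
console.log('safe   :', renderMessageSafe(SAMPLE_MESSAGE));
console.log('unsafe output carries injected tags:', hasUnexpectedTags(renderMessageUnsafe(SAMPLE_MESSAGE)));
console.log('safe output carries injected tags  :', hasUnexpectedTags(renderMessageSafe(SAMPLE_MESSAGE)));
```

In a real client the simplest fix is to avoid string-built markup altogether: create the wrapper elements with document.createElement and put response fields in with textContent, which never parses its argument as HTML. The escaping function is for the cases where a template string is unavoidable, and the hasUnexpectedTags check is the kind of assertion worth keeping in a test suite so that a later template change cannot silently reintroduce the unescaped path.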
