Monday, October 23, 2006

How safe is Web 2.0?

Technology commentator Bill Thompson says the latest incarnation of the web, dubbed Web 2.0, is prone to the same flaws as its predecessor

[Top 10 Web 2.0 attack vectors are taken as reference]
Read story

Wednesday, October 11, 2006

Hacking Web 2.0 Applications with Firefox

AJAX and interactive web services form the backbone of “web 2.0” applications. This technological transformation brings about new challenges for security professionals.

This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins. The key learning objectives of this article are to understand the:

* web 2.0 application architecture and its security concerns.
* hacking challenges such as discovering hidden calls, crawling issues, and Ajax side logic discovery.
* discovery of XHR calls with the Firebug tool.
* simulation of browser event automation with the Chickenfoot plugin.
* debugging of applications from a security standpoint, using the Firebug debugger.
* methodical approach to vulnerability detection.


Monday, October 09, 2006

On slashdot you can read reviews on HNS article - Top 10 Web 2.0 Attack Vectors


Top 10 Web 2.0 attack vectors

Web 2.0 is the novel term coined for new generation Web applications., Google maps, Writely and are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components and on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself.

XML is making a significant impact at both presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer while SOAP is becoming the XML-based transport mechanism of choice.