Question: Much has been made of the new Web 2.0 phenomenon, including social networking sites and user-created mash-ups. How does Web 2.0 change security for the Internet? How do secure software development concepts support protecting applications?
The World Wide Web (WWW) has advanced as a major technology since its introduction during the 1980s. In the beginning, web sites were used primarily by a small number of users to share information related to their academic work. As the user interface evolved over the following years, with each new version bringing new frameworks and techniques, the web became a hub of technology. Web 1.0, 2.0 and 3.0 each brought more dynamic features to users. Web 1.0 describes a web of static content, which resulted in a rigid user experience. Web 2.0, which powered social networking sites, became popular and turned the web into a platform for people to create and share their own content in the form of blogs, wikis, feeds, tagging systems, user-created publication systems and so on. As web technology spread into major business areas, it brought a requirement for high speed and expanded availability for a substantial number of users.
On the other hand, Web 2.0 has also brought security concerns, mainly in the component of client interaction with the web, which opened the door to unauthorized actions in the application. To provide a rich user experience, the majority of Web 2.0 sites have adopted lightweight user interface code such as Asynchronous JavaScript and XML (AJAX). In the conventional client-server model, many calls (requests) are handled and processed on the server side. AJAX allows a higher percentage of requests to be processed on the client side. This may give malicious users many options to modify any application code running on a client machine by exploring and testing the application for vulnerabilities.
To address this concern, developers should consider installing an appliance at the Internet gateway that performs real-time code inspection of traffic flowing through the corporate network. High-performance, high-availability appliances capable of monitoring and acting swiftly to block any suspicious web traffic are paramount. It is also very important that developers build the application with security in mind. Following coding conventions, having the code reviewed and testing the application thoroughly are all part of securing a web application.
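The point above about AJAX moving request processing to the client, shown as an added example (not from the original article): a constructed order endpoint in which the weak handler trusts a total computed by client-side script and the hardened handler recomputes it on the server. The catalogue, field names and handler names are assumptions made for illustration.

```javascript
// Constructed server-side price list (assumption; a real application reads this from its database).
const CATALOG = Object.freeze({
  "sku-100": { priceCents: 2500, maxQty: 10 },
  "sku-200": { priceCents: 990, maxQty: 50 },
});

// Constructed AJAX request bodies: one as the page script builds it, one edited on the client.
const HONEST_REQUEST = '{"sku":"sku-100","quantity":2,"totalCents":5000}';
const TAMPERED_REQUEST = '{"sku":"sku-100","quantity":2,"totalCents":1}';

// Weak form: the server charges whatever total the client-side script sent.
function handleOrderTrusting(body) {
  const order = JSON.parse(body);
  return { ok: true, chargedCents: order.totalCents };
}

// Hardened form: every field is untrusted input, and anything that matters
// is recomputed from server-side data.
function handleOrderValidated(body) {
  let order;
  try {
    order = JSON.parse(body);
  } catch {
    return { ok: false, error: "malformed JSON" };
  }
  if (order === null || typeof order !== "object" || Array.isArray(order)) {
    return { ok: false, error: "expected a JSON object" };
  }
  const known = typeof order.sku === "string" &&
    Object.prototype.hasOwnProperty.call(CATALOG, order.sku);
  if (!known) return { ok: false, error: "unknown sku" };
  const item = CATALOG[order.sku];
  if (!Number.isInteger(order.quantity) || order.quantity < 1 || order.quantity > item.maxQty) {
    return { ok: false, error: "quantity out of range" };
  }
  const totalCents = item.priceCents * order.quantity;
  // A mismatch is worth logging: the page script and the server disagree.
  return { ok: true, chargedCents: totalCents, clientTotalMismatch: order.totalCents !== totalCents };
}

console.log(handleOrderTrusting(TAMPERED_REQUEST));
console.log(handleOrderValidated(TAMPERED_REQUEST));
console.log(handleOrderValidated('{"sku":"__proto__","quantity":1}'));
```

The same rule applies to any decision the client-side code appears to make, such as hiding a button or disabling a field: the server repeats the check before acting.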
Article 2:
Question: Much has been made of the new Web 2.0 phenomenon, including social networking sites and user-created mash-ups. How does Web 2.0 change security for the Internet? How do secure software development concepts support protecting applications?
Web applications, or software as a service (SaaS) web applications, have certainly revolutionized the way individuals use the net. As technology has advanced and more people have started to use the Internet, the net has gone through major turns, especially Web 2.0, Web 3.0 and the Internet of Things. For customer-facing applications, for example, newly introduced security threats have made things exceptionally difficult. Such applications can easily get past conventional security measures and allow attackers to breach confidential data.
How Web 2.0 changes security for the Internet:
Web 2.0 capabilities serve two main purposes: 1) to reach the public in a straightforward manner, referred to as social media, and 2) to improve business processes. They are increasingly used by companies for better staff collaboration and communication. While Web 2.0 technology offers numerous advantages in terms of enhancing the Web and improving the user experience, it also brings a number of security concerns and attack vectors into existence. Since one characteristic of a Web 2.0 application is to encourage greater user involvement, the exposure of the individual user to security threats and vulnerabilities increases.
The following are a few security issues of the Web 2.0 environment:
Insufficient Authentication Controls:
In many Web 2.0 applications, content is in the hands of many different users, not only a select number of approved users. That means there is a greater chance that a less-experienced user will make a change that adversely affects the overall system.
Cross Site Scripting (XSS):