
Wednesday, February 6, 2008

Web 2.0 Security

Web 2.0 is an umbrella term for the technologies used to provide
user-centric, web-based services. Here, the services are
architected and programmed so that they can be personalized and used
dynamically. The architectural philosophy is called Service Oriented
Architecture (SOA). This document covers the security aspects of Web 2.0
based services. It provides a comprehensive list of threats that need
to be considered for mitigation when deploying Web 2.0 services. It
also provides ideas on mitigating the described threats. The document
is intended for CIOs and Enterprise IT Professionals (e.g.,
Administrators, Directors) who are planning, implementing, or deploying
Web 2.0 Services, and for Network & System Architects. The paper
discusses several security threats, including Feed Injection;
Authentication; Validation; Client Side Attacks: Cross-Site Scripting &
Forgery; Client Side Attacks: Command Execution and Zones; Client Side
Attacks: Generic.
