Web 2.0 Attacks Revealed by Kiran Maraju on 15/09/08

Nowadays, web application security is getting more prominent attention. This attention comes with the increase in the number of vulnerabilities in web applications, caused by the lack of proper security standards in application development.

CERT/CC statistics show that 7,120 software vulnerabilities were reported in 2006.

194 SQL injection vulnerabilities were found on BugTraq between January 2005 and June 2005.

Symantec highlights in its most recent Internet Security Threat Report that Web vulnerabilities constituted 69 percent of 2,249 new vulnerabilities identified for the first half of 2006, with 78 percent of 'easily exploitable' vulnerabilities residing within Web applications.

Directory traversal was the second most common attack on the Internet as of the second half of 2005.

Roughly 63% of web application vulnerabilities can be accounted for by four vulnerability classes: file inclusion, SQL injection, cross-site scripting, and directory traversal.

Regulations such as PCI, HIPAA and SOX, together with the need to protect organizations from financial and reputational loss, have led to a surge in application security. Web 2.0 technologies provide collaborative, decentralized networking for online activities. They rely on content contributed by end users or consumers.

Web 2.0 technologies involve active participation from users in terms of content contribution and editing, rather than users playing the role of consumers as in Web 1.0. Active user involvement includes activities such as blogs and sharing information through syndication with the help of RSS/Atom. The growth of these technologies and of user interaction also increases the negative side of online business in terms of malicious activities that affect the confidentiality, integrity and availability of information assets. These effects can lead to the unauthorized disclosure of sensitive data such as SSNs and credit card details, which in turn can cause financial and reputational loss for online business providers.

The full article is available in PDF format.
