Hacking Web 2.0 - dummies

By Kevin Beaver

Newer web technologies, originally dubbed “Web 2.0,” have changed how the Internet is used. From YouTube to Facebook to Twitter, new server-side and client-side technologies, such as web services, Ajax, and Flash, are being rolled out as if they’re going out of style. And these aren’t just consumer technologies. Businesses see the value in them, and developers are excited to utilize the latest and greatest technologies in their environments.

Unfortunately, the downside to these technologies is complexity. These new rich Internet applications, as they’re also called, are so complex that developers, quality assurance analysts, and security managers are struggling to keep up with all their associated security issues. The vulnerabilities in newer applications are very similar to those that show up with legacy technologies, such as XSS, SQL injection, parameter manipulation, and so on. You have to remain vigilant.

In the meantime, here are some valuable tools you can use to test for flaws in your Web 2.0 applications:

  • Web Developer for analyzing script code and performing other manual checks.

  • WSDigger for analyzing web services.

  • WSFuzzer for analyzing web services.

Technologies such as Ajax and web services are here to stay, so try to get your arms around their security issues now before the technology grows even more complex.