
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

0 pages with hundreds of sources a challenging task, both for
the software vendors as well as the end users.
Like many buzzwords on the web, Web 2.0 is constantly being overloaded and
can mean different things for different topics. For the purposes of the book, we focus on
the application frameworks, protocols, and development environments that Web 2.0
brings to the Internet.
Web 2.0's Impact on Security
The security impact of Web 2.0 technologies includes all the issues of Web 1.0 as well as an
expansion of the same issues into new Web 2.0 frameworks. Thus, Web 2.0 simply adds to
the long list of security issues that may exist in web applications. Cross-site scripting (XSS)
is a very prevalent attack against Web 1.0 applications. In Web 2.0, there can actually be more
opportunities for XSS attacks because of the rich attack surfaces present with AJAX. For example,
with Web 2.0 AJAX applications, inserting XSS attacks in JavaScript streams, XML, or JSON
is also possible. An example of a downstream JavaScript array is shown here:
var downstreamArray = new Array();
downstreamArray[0] = "document.cookie";
Notice that the
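
The following is an added example, not code from the book. It assumes a server that builds a downstream JavaScript array like the one above from untrusted values, and shows a concatenating builder beside one that encodes each value as a string literal. The function names and sample values are hypothetical and constructed for illustration.

```javascript
// Added example: all function names and sample values are hypothetical.

// Naive builder: untrusted values are concatenated straight into script source,
// so a double quote in the data ends the string literal early.
function buildDownstreamNaive(values) {
  let js = "var downstreamArray = new Array();\n";
  values.forEach((v, i) => {
    js += `downstreamArray[${i}] = "${v}";\n`;
  });
  return js;
}

// Encode one value as a JavaScript string literal that also stays inert when
// the stream is embedded in an inline <script> block.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)) // escapes quotes, backslashes, controls
    .replace(/</g, "\\u003c")          // keeps "</script>" from closing the block
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")     // line separators end literals in old engines
    .replace(/\u2029/g, "\\u2029");
}

// Hardened builder: every value reaches the client as data, never as syntax.
function buildDownstreamSafe(values) {
  let js = "var downstreamArray = new Array();\n";
  values.forEach((v, i) => {
    js += `downstreamArray[${i}] = ${jsStringLiteral(v)};\n`;
  });
  return js;
}

// Evaluate a generated stream in its own function scope and return the array,
// standing in for the browser consuming the response.
function runDownstream(js) {
  return new Function(js + "\nreturn downstreamArray;")();
}

// Constructed sample input: two ordinary-looking values and one containing a
// double quote followed by a harmless extra statement.
const SAMPLE_VALUES = [
  "alice",
  "</script>",
  'x"; downstreamArray.push("injected-statement"); //',
];
```

Running both outputs through runDownstream shows the difference: the naive stream yields four elements because part of the third value executed as a statement, while the hardened stream yields exactly the three input strings.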