0 application. For example, Web 2.0 applications
often use AJAX frameworks. These frameworks contain lots of information about how
the applications work. The framework information is often downloaded to a user's
browser via a .js file. This information makes it easy for an attacker to enumerate possible
attack surfaces. On the flip side, while discovery may be easy, manipulating calls to the
application may not be as easy. Unlike Web 1.0, where hidden form fields often
contained information used in GET and POST parameters, some Web 2.0 frameworks
require a proxy to capture content, enumerate fields for possible injection, and then
submit to the server. Though not as straightforward as Web 1.0, the attack surfaces are
often larger.
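Because the shipped .js file reveals which server endpoints the front end calls, a defender can read it the same way an attacker would and compare the result against the endpoints the application is documented to expose. The following script is an added example, not code from the book: the bundle text is a constructed sample, and the function names and the documented-endpoint list are assumptions.

```python
"""Inventory the URL paths a front-end JavaScript bundle references and flag
any that are not on the defender's list of documented endpoints.
Added example; the sample bundle below is constructed, not a real framework file."""
import re

# Constructed sample of what a framework-generated .js file might contain.
SAMPLE_BUNDLE = r"""
var Api = {
  base: "/api/v2",
  getUser: function(id){ return $.ajax({url: "/api/v2/users/" + id}); },
  updateUser: function(u){ return $.post("/api/v2/users/update", u); },
  adminExport: function(){ return fetch('/api/v2/admin/export', {method:'POST'}); },
  debugDump: function(){ new XMLHttpRequest().open("GET", "/internal/debug/dump"); }
};
"""

# Quoted string literals that look like absolute URL paths (start with "/").
PATH_RE = re.compile(r"[\"'](/[A-Za-z0-9_./\-]*)[\"']")


def extract_paths(bundle_text):
    """Return the sorted, de-duplicated path-like literals found in the bundle."""
    return sorted(set(PATH_RE.findall(bundle_text)))


def undocumented_paths(bundle_text, documented):
    """Return paths the bundle references that are absent from `documented`.

    A literal that is only a prefix of documented endpoints (e.g. a base
    path such as "/api/v2") is treated as configuration, not an endpoint.
    """
    flagged = []
    for path in extract_paths(bundle_text):
        if path in documented:
            continue
        prefix = path.rstrip("/") + "/"
        if any(d.startswith(prefix) for d in documented):
            continue
        flagged.append(path)
    return flagged


if __name__ == "__main__":
    # Assumed list of endpoints the application is documented to expose.
    known = {"/api/v2/users/", "/api/v2/users/update"}
    for p in undocumented_paths(SAMPLE_BUNDLE, known):
        print("review access control for undocumented endpoint:", p)
```

Each flagged path is one the browser can reach but the application's documentation does not account for, which is where an authorization review should start.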
Software as a service, while not a technology but rather a trend in the Web 2.0
space, has had a significant impact on security. Unlike in-house applications that run in
an organization's own data center, hosted software solutions affect security significantly.
An XSS flaw in an in-house CRM application simply allows a malicious employee to see
another employee's information; however, the same flaw in a hosted CRM application
can allow one organization to see the sales leads of another company.