
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

0 technologies, such as AJAX and Flash. In addition to
Web 2.0 technologies, XSS attacks are also discussed in the context of mobile devices. Many popular
web applications have mobile counterparts. The mobile applications generally offer the
same functionality but fewer security features. While these applications are for mobile
devices, they are still accessible from browsers such as IE and Firefox. Part I of the book
concludes with the first case study, an in-depth review of the Samy worm. The Samy
worm was the first web application worm, and it spread so quickly on MySpace.com
that the web site had to be shut down in order to clean it up.

Part II

The next part of the book, "Next Generation Web Application Attacks," covers the new
attack classes that appear with Web 2.0 applications. Chapter 3 starts the discussion with
cross-domain attacks. As mentioned, web sites that allow for cross-domain functionality
are vulnerable to self-propagating worms and viruses. This chapter shows how that has
been possible with common security vulnerabilities involving AJAX and CSRF, a relatively
new attack class that impacts both Web 1.0 and Web 2.0 applications. Chapter 4
focuses on the ways to abuse JavaScript, including Web 2.

