
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

Part III concludes with a case study on Web 2.0 migration. This case study
walks through the risks and exposures an application will have if it is migrated to a Web
2.0 framework. Specifically, the case study discusses common exposures with internal
methods, debug functionality, hidden URLs, and full functionality migration.

Part IV

The last part of the book is on thick clients. The first chapter in this part covers ActiveX
security. ActiveX has long been a curse word in the security world due to its security
flaws, combined with the fact that it contains powerful functions, is open to other users,
and is trusted heavily by earlier versions of Internet Explorer. ActiveX is definitely not a
new technology, but is now often used in Web 2.0 applications. For example, many Web
2.0 applications are offering more functionality to users with the client-server model. In
the case of Web 2.0, the client is delivered using an ActiveX control and the server is the
web application itself. Users obtain more functionality by having a Win32 client on their
desktop that interacts with the web applications, but also open themselves up to more
security exposures. While it does not use ActiveX, the Google Desktop is a good example
of how Web 2.

