However, in practice, web applications often have numerous
items such as internal methods and debug functionality that should not be exposed to
clients; all of this makes migration to a Web 2.0-style web application a security
concern.
This case study discusses the following:
• The Web 2.0 migration process
• Common exposures
• Internal methods
• Debug functionality
• Hidden URLs
• Full functionality
WEB 2.0 MIGRATION PROCESS
A Web 1.0-style web application generally starts the migration process by selecting an
AJAX framework to use. This choice often depends on a number of factors, such as the
platform and technologies being used by the web application. As you would expect,
with the number of different platforms and technologies in use, a number of frameworks
are available to developers. These frameworks can vary wildly in the way they add
Web 2.0-style functionality to an existing web application. Some frameworks require a
full rewrite of the application to use the framework's Web 2.0 libraries, while others
simply take the existing web application and add Web 2.0-style functionality. This
functionality can be achieved in a number of ways: some AJAX frameworks
function as a middleware servlet between the application and the client, while others
compile the entire application into JavaScript that can be statically served to the client.