Web 2.0 Security - Research Paper Example

Web 2.0 Security The idea of the “Web 2.0″ was given by Darcy DiNucci, an advisor on electronic information paradigm. In this regard, this emerging idea is normally linked with web applications that are helpful to increase the capability to communicate, interactive information distribution, cooperation, user-centered plan on the www. Additionally, the web sites which encompass the features of Web 2.0 offer its users the free option to work together or cooperate with each other in the community media discussion as designers of user-produced information material in a virtual society, as compared to those websites where clients are restricted to the inactive analysis of content that was developed for them. Moreover, the instances of Web 2.0 comprise a range of applications like social-networking blogs, websites, video-sharing websites, wikis, web applications, hosted services, folksonomies and mashups. Despite the fact that the idea presents an innovative description of the World-Wide-Web, but it does not offer an update to some technological conditions, however relatively growing transformations in the means software developers and end users utilize the Web (XIBL; Mysore). Normally, the Web 2.0 incorporates the client-side website browser expertise such as Flash, Asynchronous JavaScript and XML (Ajax) and JavaScript/Ajax frameworks and the Adobe Flex framework like that Dojo Toolkit, Yahoo! UI Library, jQuery and MooTools. In this scenario, Ajax programming utilizes Java-Script to upload as well as download new data from the web server without reloading a page repeatedly (XIBL; Mysore). Web 2.0 uses machine-based connections like that SOAP and REST. In this scenario, servers frequently represent administrative Application Programming Interfaces or simply APIs, however standard APIs (for instance, for positioning to an internet blog or informing a blog revision) are also used in development. Moreover, for the communications in APIs incorporate XML or else JSON payloads (XIBL; Mysore). The new web based or web-supported tools offer a range of effective software features and services to the consumers, workers and business associates. These services could be easily managed and handled. Additionally, the new information technology offers access to a major business resource such as the web server, which gives the capability to access various other useful information resources, for instance database servers (ITSecurity). At the present time, a lot of young people have fully integrated Web 2.0 tools and applications into their professional and personal lives. According to various researches, more than 80% of workers make use of social networking applications or web sites like that MySpace, Facebook and YouTube at workplaces or on their laptops. Thus, it is clear that the fame of video-calling (Skype), instant messaging and peer-to-peer (such as multi-player gaming) is increasing day by day and it is causing augmenting danger for business’s status, network performance in addition to information safety (M86 Security). Web 2.0 is definitely very helpful in almost every walk of life. For instance, people read blogs on various latest issues, and place queries on communication board to get response of their questions or investigate specialized debates or forums to get latest knowledge about a definite issue. Moreover, the Web 2.0 applications such as IM (or instant messaging), P2P and Skype frequently offer extra advantages for exchanging information with associates (M86 Security). Obviously, Web 2.0 technology can negatively affect business information security as well as efficiency of organizations. For instance, the lively, interactive website content on Web 2.0 websites can simply divert a worker for hours. Moreover, the businesses are bothered regarding the possible discovery of secret and sensitive data and information by workers when they communicate with other, write messages, write blogs or leave remarks when participating in social media (M86 Security). The major examples of Web 2.0 includes social networking websites such as wikis, blogs, hosted services, video-sharing websites, mashups, web applications and folksonomies. Cloud computing (a broad term for anything that engages distributing hosted services over the internet) also integrates Web 2.0 utilities for the distribution and coordination of data across a range of tools and devices. In spite of these Web 2.0 advantages and technology based solutions, there is an expenditure that is further than the cost of the systems and software: major security contests. In current years, websites like that Gmail, Yahoo! Mail, Facebook along with MySpace have all been overwhelmed by hateful code. However, the absolute openness of today’s computing setting is outstanding. In this regard, consumers, human resources and business associates utilize a range of systems, comprising smartphones and other portable units to beat someone delicate or intellectual possessions, personal data, credit card details, health care records and more (Greengard) and (TechTarget). Web 2.0 has turned out to be a well-known idea during the past few years to competently explain the 2nd variety of society-based web services. Before the emergence of Web 2.0, website owners required internet information and data traffic to their websites by developing content focused on depiction of huge numbers of guests or visitors. On the other hand, in the Web 2.0 era, there are a lot of facilitates such as an online platform for public to develop, work in the form of team and exchange their own information and data content that can be wikis, blogs, images or videos (XIBL; Mysore). The basic purpose of Web 2.0 is to make this platform as easy to use and available as possible, with the intention that community could be able to access and use the website frequently to add, update and analyze information content. In this scenario, some well-liked social networking websites, like that Facebook.com, or video sharing websites, like YouTube, are the major instances of Web 2.0 which are commonly used by the people. Seeing that the Web 2.0 presents a lot of benefits in the fields of internet, such as improving the customer experience and producing web-based societies, on the other hand, it is also a very useful source of transmission techniques for nasty programs. As Web 2.0 applications facilitate people to upload content, these websites are simply vulnerable to hackers desiring to add harmful information and website content. As soon the harmful content has been added online on any website, it can have negative influence on the naive visitors arriving at these websites, and the website proprietors could be possibly accountable for harms happened. Moreover, from a technological point of view, the web sites based on Web 2.0 technology are more open to diverse attacks for that reason that they have some extra relationships with the browser as well as require running integrated Java-Script code on client systems (XIBL; Mysore). The issue that makes overall situation more serious is that the majority of these websites (like that MySpace, Wikipedia, Flickr) are recognized as “trusted” by URL sifting and classification of products, it certainly not be obstructed in spite of the reality that they might hold malevolent code. Another reason might be that the interactive web applications are extremely weak to client input legalization hits. In this scenario, the web systems that are unsuccessful to carry out thorough legalization of user-input screens face the approaches for attacks on the web server as well as linked resources. Thus, to stop this susceptibility requires assessing the entire outside and inside website applications to expose possible confirmation vulnerabilities. However, the majority of corporations does not usually stop or block various users from visiting Web 2.0 websites that could turn out to be an IT safety threat. Web 2.0 websites docking hateful program or code lifts an overabundance of matters for the corporate: outside and inside security; regulatory observance and permissible responsibility matters (XIBL; Mysore). The utilization of a Web 2.0 platform for negative intentions was exposed on a recognized U.S. based site presenting painting directory services in April 2007 by Finjan’s Malicious Code Research Center. In this scenario, the dangerous code on this website was stopping antivirus system installed on the user systems. Moreover, it uses a variety of browser susceptibilities and AJAX technology to download and run a possibly malicious trojan from a distant communication server machine (XIBL; Mysore). With the capability of adware, malware and spam dispensers to utilize the websites as delivery mediums for their newest effort for cyber-hackers to expertise tremendously overwhelmed attacks through the information gathered from individual outlines placed on web pages of Web 2.0 characteristics. In such type of situation social networking is quickly turning out to be a serious pain position, investigators uphold (Hines). In Web 2.0 based environment a user can face following attacks and assaults: (Perez) 1. Injection mistakes 2. Inadequate Authentication Controls 3. Reliability of Information 4. Inadequate Anti-automation 5. Outflow of Information 6. Phishing 7. Cross Site Scripting (XSS) 8. Cross Site Request Forgery (CSRF) Web 2.0 Security Vulnerabilities: This section outlines some of the prime Web 2.0 security vulnerabilities those are hindering the overall working and operational performance of the web 2.0 users. Poor Authentication Controls: In a lot of Web 2.0 systems, content is maintained according to the desire of a lot of clients, not immediately a chosen number of certified employees. This outlines that there is a greater possibility that a less-knowledgeable client will make a change that will have a negative influence on the whole structure (Perez). XSS (Cross Site Scripting): In a stored cross site scripting (XSS) exposure, a hacker sends malevolent input which is stored in the user machine and afterward shown to other clients. A system that permits clients to input designed and attractive information content such as HTML is particularly vulnerable to this attack (Perez). Cross Site Request Forgery: In Cross Site Request Forgery, victim visits what comes into view to be naive and valuable looking websites; however it holds nasty code that generates requests to a special website in its place. On the other hand, Web 2.0 systems are possibly more defenseless to this kind of attack for the reason that they use AJAX (Perez). Phishing: Though phishing is not immediately a threat for Web 2.0 technologies by any means, however the large amount of different client software in use makes it difficult for customers to differentiate between the real as well as the phony websites. That is the case of additional effectual phishing attacks (Perez). Information Leakage: Seeing that of workers make use of social networking applications or web sites like that MySpace, Facebook and YouTube at workplaces or on their laptops, in this scenario people can unintentionally distribute data and information of their owner would have recognized as susceptible. Yet if individuals are not sharing the corresponding of business secrets, the growth of the little "non-responsive" aspect they share is able to permit a company’s contestants to get information regarding what is about and being developed at that corporation (Perez). Injection Flaws: Web 2.0 systems are not capable of fighting against the new kinds of injection attacks comprising XPath injection, XML injection; JSON injection and JavaScript injection for no other motive outside the reality that the Web 2.0 systems tend to utilize and depend on those systems (Perez). Information Reliability: Information reliability is one of the main aspects of data security. Though a hack could guide to failure of information reliability, consequently is able to accidental propaganda. In this scenario, a major instance of this in the community field is a wrong modification on Wikipedia that is afterward established as reality by a lot of the website's visitors (Perez). Inadequate Anti-automation: The simple interfaces of Web 2.0 applications allow hackers to computerize online assaults in a simple way. In this regard brute force and CSRF are two main examples of this attack; other instances comprise the automatic recovery of a huge quantity of data as well as information and the automatic opening of user and clients accounts (Perez). These possible security susceptibilities are more aligned to the web 2.0 based environment. In this current web based business and working arrangement such categories of safety and privacy assaults are turning out to be more frequent. Therefore there is a dire need for even much better ways and techniques to deal with such type of attacks. The section below is aimed to offer such type of ways or mechanisms for better protection and privacy administration (Perez). In case of web 2.0 based setting we can take the following efficient steps for the better management of security associated vulnerabilities (SpamLaws) Validation of User-Input: In web applications there is vital need for the validation of all the data that is entered by various users. This can be done by implementing proper login and password based security mechanism (SpamLaws). Default Configurations: In Web2.0 based arrangement we need to overlook the requests for rearrangement of web servers by setting their default configurations. In this way hackers will not be able to change the configurations to perform or to launch a security attack (SpamLaws). Encryption: It is a very useful technique for the protection of the data and information in the Web2.0 based arrangement. It can efficiently protect from the outsider attacks (SpamLaws). Protected Servers: By making web based server protected against the outsider attacks we can implement better security and privacy management. This can be done through the establishment of highly sophisticated firewall systems or intrusion detection system (SpamLaws). Web 2.0 Security Management: In this section I will present some guidelines in order to implement security for Web 2.0. Below are some guidelines for the better management of security: Verification of User-Input: While making use of interactive Web applications the users have to authenticate their admittance throughout utilization of a user-input validation display. In this scenario there is a dire need for the proper confirmation of the user data and inputs (Spamlaws) and (TrendMicro). Encryption: When utilizing Web 2.0 systems, the data needs to be encrypted so that no one can be able to have an illegal access to user information and data. In this scenario there is a dire need for the establishment of enhanced encryption method that can effectively hide that data from illegitimate users (Spamlaws) and (TrendMicro). Protected Servers: The Web2.0 technology incorporates online data storage facility that can create some security and privacy related problems such as illegal access and data access issues. In this scenario there is a need for enhanced protection along with data safety at the servers and network levels (Spamlaws) and (TrendMicro). Application Changes: When organizations make changes in their Web 2.0 systems, it is essential for them to examine the application for some flaws that have happened as an effect of the transformations or improvements to the application. As well, it is essential to maintain the Web server modernized by means of the most recent network and system security patches to guarantee that the data in the application is safe (Spamlaws) and (TrendMicro). Web 2.0 is becoming a very useful tool for the businesses. It is very helpful for improving the performance of the corporations. However, there are lots of security related issues in Web 2.0. This paper has presented a brief overview of some of the main aspects regarding the Web 2.0 security. This paper has also suggested possible mitigation actions those can be taken for an effective Web 2.0 security management. Works Cited M86 Security. Web 2.0 Security. 2011. 07 March 2011 . Greengard, Samuel. Web 2.0 Security Strategy. 12 October 2010. 09 February 2011 . Hines, Matt. Experts hammer Web 2.0 security. 21 February 2008. 09 February 2011 . ITSecurity. Best Practices for Web 2.0 Security. 2011. 09 February 2011 . Mysore, Shivaram H. Less than 10 things you should know about Web 2.0 Security. January 2008. 08 March 2011 . Perez, Sarah. Top 8 Web 2.0 Security Threats. 17 February 2009. 09 February 2011 . SpamLaws. 5 Best Methods for Web 2.0 Security . 2009. 09 February 2011 . TechTarget. Cloud Computing. 28 December 2007. 09 February 2011 . TrendMicro. Web Threats. April 2007. 07 March 2011 . XIBL. Web 2.0 Security. 09 February 2011. 08 March 2011 . Read More