For my next trick… hacking Web2.0
After several month spent in research on Web2.0 Insecurities I’ve decided to sit down and write a whitepaper. The paper quickly became rather blurred due to enormous amount of notes I’ve collected on this subject. This is the reason why it was later restructured into stories, which provide a lot better medium for understanding the content.
For some Web2.0 symbolizes the start of a new era of the Web, for others it is merely a marketing buzzword designed to hook unaware venture capitalists on the Web2.0 hype.
The term Web2.0 appeared for the first time in 2003 at a conference organized by O’Reilly media. The event, simply titled
Web 2.0, attempted to reference the second generation of web technologies such as social communities, service oriented architectures, Wikis, blogs, collaborative environments, AJAX, etc. Since then the term has become widely adopted across the entire Web industry and it has been used ever since to describe innovation.
In simple words, Web2.0 outlines the technological, philosophical and social superset of what we used to know as just the Web. Although we know that the Web is not bound to any version number, it makes our lives a lot easier to do so, so we can refer to a particular set of features. The features of the Web2.0 era are rather blurred due to the enormous amount of different opinions on the matter but we all agree that they must include things such as feeds, data aggregators, collaborative environments, social networks, client-side technologies and SOA (Service Oriented Architecture).
Although Web2.0 has improved our ability to freely communicate and share via the means of the Net, it has brought some unimaginable dangers and as a result it is insecure. Web2.0 security is very much a collection of every single security aspects of its components. On their own they are just simple system abnormalities, but when put together they create a problem worth our attention.
In this paper we are going to outline some of the dangers of Web2.0 by combining fictional stories with technology that is real. Each story begins with a prologue, which introduces the problem, and finishes with a conclusion, which summarizes the attack techniques that are described within the story context.