Like most approaches to automated anything, “Web 2.0” gets lazy as it advances. And as users adopt Web 2.0 “styles” of publishing, they assume the risk associated with that “laziness”. All growth markets suffer periodic “corrections”, but in the case of web publishing and security, a correction can be more like a Kick In The Teeth than a helpful reminder, because it comes from security breaches, hacks and attacks. Is Web 2.0 about to get kicked? Take a look at this talk on the agenda for the current Black Hat security conference:
Ajax, Web Services and Rich Internet (Flash) are redefining application security scanning challenges and strategies. We are witnessing some emerging attack vectors like Cross Site Scripting with JSON, Cross Site Request Forgery with XML, WSDL scanning, XPATH injection with XML streams, etc. This presentation will cover Web 2.0 attacks, new scanning tools for assessment and approaches for Web 2.0 code analysis with demonstrations. Professionals can apply knowledge in real life to secure the Web 2.0 application layer.