[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6905b1570708311610u4bf914f2r65c9a09952e00833@mail.gmail.com>
Date: Sat, 1 Sep 2007 00:10:20 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
"OWASP Leaders" <owasp-leaders@...ts.owasp.org>,
"Webappsec @securityFocus" <webappsec@...urityfocus.com>,
"WASC Forum" <websecurity@...appsec.org>
Subject: WHITE PAPER: For my next trick… hacking Web2.0
After several month spent in research on Web2.0 Insecurities I've
decided to sit down and write a whitepaper. The paper quickly became
rather blurred due to enormous amount of notes I've collected on this
subject. This is the reason why it was later restructured into
stories, which provide a lot better medium for understanding the
content.
http://www.gnucitizen.org/projects/for-my-next-trick-hacking-web20/
http://www.gnucitizen.org/projects/for-my-next-trick-hacking-web20/web2.0hacking.pdf
http://docs.google.com/Doc?id=dfpvfkxn_48f87xsv
For some Web2.0 symbolizes the start of a new era of the Web, for
others it is merely a marketing buzzword designed to hook unaware
venture capitalists on the Web2.0 hype.
The term Web2.0 appeared for the first time in 2003 at a conference
organized by O'Reilly media. The event, simply titled "Web 2.0″,
attempted to reference the second generation of web technologies such
as social communities, server oriented architectures, Wikis, blogs,
collaborative environments, AJAX, etc. Since then the term has become
widely adopted across the entire Web industry and it has been used
ever since to describe innovation.
In simple words, Web2.0 outlines the technological, philosophical and
social superset of what we used to know as just the Web. Although we
know that the Web is not bound to any version number, it makes our
lives a lot easier to do so, so we can refer to a particular set of
features. The features of the Web2.0 era are rather blurred due to the
enormous amount of different opinions on the matter but we all agree
that they must include things such as feeds, data aggregators,
collaborative environments, social networks, client-side technologies
and SOA (Server Oriented Architecture).
Although Web2.0 has improved our ability to freely communicate and
share via the means of the Net, it has brought some unimaginable
dangers and as a result it is insecure. Web2.0 security is very much a
collection of every single security aspects of its components. On
their own they are just simple system abnormalities, but when put
together they create a problem worth our attention.
In this paper we are going to outline some of the dangers of Web2.0 by
combining fictional stories with technology that is real. Each story
begins with a prologue, which introduces the problem, and finishes
with a conclusion, which summarizes the attack techniques that are
described within the story context.
Cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists