Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

The Development of Security Technology to Keep Pace with Web 2.0

InfoSecurity Europe : 17 March, 2010  (Technical Article)
Michael Shema of Qualys explains the challenging environment of Web 2.0 and how security applications need to keep pace as threats adapt to new ways that consumers are using the web
See our events guide listing for more details

Web 2.0 is thriving, and so too are applications that take advantage of this technology. Interactive sites like LinkedIn, Twitter and even company websites are becoming ever more popular, and yet, many IT departments are unprepared for today's emerging threats. As more companies take to the web to conduct business, the opportunity for attack is increased and organisations need to re-adjust security practices for the Web 2.0 world.

Traditionally, potential security breaches, or vulnerabilities, target personal and business information that is created and stored in certain Web 2.0 applications, such as Google Docs and Mobile Me. Using JavaScript programmes developed to capture data, hackers can redirect users to a perfect copy of the site they're expecting to see. When log-in details are entered, they're unknowingly sent to the attacker, providing them with information they need to access sensitive business information.

New attack methods are constantly being employed by hackers, taking advantage of technologies that are already in place. Attackers continuously try to bypass security systems in place on sites such as Facebook, and gain access to information using the code that is running on the browser through the third-party.

There is a difference in the way attackers operate; some choose to exploit web applications, like Twitter, while others choose to exploit the web browser. Here hackers pepper large numbers of websites with JavaScript which enables them to collect data on visitors to targeted sites. Rather than specific web applications being targeted, the browser instead acts as the delivery mechanism, where links can be used to either redirect users to other 'fake' sites, or load damaging content.

In early web attacks, it was all about site defacement where content would be edited, with messages being incorporated or offensive images being added. This has changed and the emphasis is on remaining undetected so that site owners will not know that security has been compromised. JavaScript enables hackers to use these attacks for financial gain instead of to just be a nuisance.

Many people associate hacking with credit-card and bank fraud - but this is not the case. ID theft is not just about being able to spend somebody else's money; it can be used to set-up credit accounts with business suppliers or open-up new premises, all at another's expense.

Whilst hackers are constantly evolving and adapting to new technologies, businesses are responding just as well. Employees, as well as IT departments, are now aware of security risks and most companies have IT security policies in place. Patches, security alerts and updates are now issued regularly from vendors and should be monitored and downloaded when available.

In addition, there are a number of tools which can help prevent attacks - web application scanning in particular. This is an automated process which searches for software vulnerabilities in websites by launching its own attacks and analysing the results.

Technology continues to advance at an alarming rate - and with it those people who are willing to exploit others for financial gain. By staying informed of potential risks and combining the tried and tested preventative methodologies, IT departments can ensure they are well-equipped to deal with the constant threat of Web 2.0 attacks.

Qualys Technologies is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th - 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo