Subscribe

Web 2.0 opens security holes

By Ilva Pieterse, ITWeb contributor
Johannesburg, 07 May 2008

Although Web 2.0 has allowed for a new way of thinking about using the Web, there are many negative security implications.

Speaking at ITWeb Security Summit 2008, in Midrand yesterday, Charl van der Walt, founding member of Sensepost, explained Web 2.0 created a technical evolution.

"Technologies such as XML and CSS, JSON/AJAX and WSDL and Web services and XMLHTTPRequest Object, RSS and Atom and mash-ups are all Web 2.0 enablers. But these do nothing to increase security. In fact, they only obfuscate potential flaws," he explained.

According to Ian de Villiers, senior developer from Sensepost, Web 2.0 has shifted focus from commercially-driven content to user-driven content.

"The user is now where the value lies (content), which makes them an attractive target," he said. "And information is the new currency."

David Maman, senior technologist at Fortinet, said: "Today, everyone is a content and service provider. Everyone can be heard and everyone is sharing information. Web 2.0 has really changed the way we are forced to look at security.

"Furthermore, the nature of mobile technologies is that your identity can travel with you. You are always available. But what about roaming security solutions?" he warned.

Share