Security in a Web 2.0 World

Abstract

Web 2.0 has brought enumerable benefits as well as daunting problems of securing transactions, computers, and identities. Powerful hacker techniques, including cross-site scripting (XSS) and cross-site request forgery (CSRF), are used to exploit applications to reveal and steal, at the worst, confidential information and money, or, at the least, cause trouble and waste time and money for reasons that may be best described as fun or simply possible to do. The people interested in transgressing Web 2.0 applications do so for money, prestige, or for the challenge. An infamous hacker from the early days of the Internet now heads his own Internet security company. A more recent hacker of some infamy has created a stir of concern and consternation as to how pervasive and potentially destructive hacker attacks can be. Securing Web 2.0 applications requires a multifaceted approach involving improved code development standards, organizational policy changes, protected servers and workstations, and aggressive law enforcement.