Thread-topic: [WEB SECURITY] For my next trick? hacking Web2.0
> -----Original Message-----
> From: pdp (architect) [mailto:pdp.gnucitizen@xxxxxxxxxxxxxx]
> Sent: Saturday, September 01, 2007 3:10 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx;
> OWASP Leaders; Webappsec @securityFocus; WASC Forum
> Subject: [WEB SECURITY] WHITE PAPER: For my next trick? hacking Web2.0
>
> After several months spent in research on Web2.0 Insecurities I've
> decided to sit down and write a whitepaper. The paper quickly became
> rather blurred due to the enormous amount of notes I've collected on this
> subject. This is the reason why it was later restructured into
> stories, which provide a lot better medium for understanding the
> content.
>
> http://www.gnucitizen.org/projects/for-my-next-trick-hacking-web20/
> http://www.gnucitizen.org/projects/for-my-next-trick-hacking-web20/web2.0hacking.pdf
> http://docs.google.com/Doc?id=dfpvfkxn_48f87xsv
>
> For some Web2.0 symbolizes the start of a new era of the Web, for
> others it is merely a marketing buzzword designed to hook unaware
> venture capitalists on the Web2.0 hype.
>
> The term Web2.0 appeared for the first time in 2003 at a conference
> organized by O'Reilly media. The event, simply titled "Web 2.0",
> attempted to reference the second generation of web technologies such
> as social communities, server oriented architectures, Wikis, blogs,
> collaborative environments, AJAX, etc. Since then the term has become
> widely adopted across the entire Web industry and it has been used
> ever since to describe innovation.
>
> In simple words, Web2.0 outlines the technological, philosophical and
> social superset of what we used to know as just the Web. Although we
> know that the Web is not bound to any version number, it makes our
> lives a lot easier to do so, so we can refer to a particular set of
> features. The features of the Web2.0 era are rather blurred due to the
> enormous amount of different opinions on the matter but we all agree
> that they must include things such as feeds, data aggregators,
> collaborative environments, social networks, client-side technologies
> and SOA (Server Oriented Architecture).
>
> Although Web2.0 has improved our ability to freely communicate and
> share via the means of the Net, it has brought some unimaginable
> dangers and as a result it is insecure. Web2.0 security is very much a
> collection of every single security aspect of its components. On
> their own they are just simple system abnormalities, but when put
> together they create a problem worth our attention.
>
> In this paper we are going to outline some of the dangers of Web2.0 by
> combining fictional stories with technology that is real. Each story
> begins with a prologue, which introduces the problem, and finishes
> with a conclusion, which summarizes the attack techniques that are
> described within the story context.
>
> Cheers
>
> --
> pdp (architect) | petko d. petkov
> http://www.gnucitizen.org
>