DOI: 10.1145/1497308.1497443

Security in web 2.0 application development

Published: 24 November 2008

Abstract

In this paper we survey and validate some of the known security and reliability issues in Web 2.0 based application development. We see in Web 2.0 application development an evolving paradigm shift in security focus from servers to clients. Our approach consists of critically reviewing relevant literature including books, published articles, vendor documentations, white papers, and expert opinions; performing a detailed technical examination of the claims of exploits; and presenting the findings. Then we examine some industry best practices in Web 2.0 application security, and list the most effective approaches and countermeasures. Finally, we present some recommendations to improve the security environment in Web 2.0, as well as an indication of some future research in this area. The paper is aimed at both developers and users of Web 2.0 based systems.



Published In

iiWAS '08: Proceedings of the 10th International Conference on Information Integration and Web-based Applications & Services
November 2008
703 pages
ISBN:9781605583495
DOI:10.1145/1497308
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. application development
  2. reliability
  3. security
  4. web 2.0

Qualifiers

  • Research-article

Conference

iiWAS08

Article Metrics

  • Downloads (last 12 months): 28
  • Downloads (last 6 weeks): 0
Reflects downloads up to 14 Feb 2025

Cited By

  • (2021) "Reviewing risks and vulnerabilities in web 2.0 for matching security considerations in web 3.0". Journal of Discrete Mathematical Sciences and Cryptography, pp. 1-17. DOI: 10.1080/09720529.2020.1857903. Online publication date: 20 Apr 2021.
  • (2019) "The development of application to promote housework for elder people". Proceedings of the 8th International Conference on Informatics, Environment, Energy and Applications, pp. 243-247. DOI: 10.1145/3323716.3323748. Online publication date: 16 Mar 2019.
  • (2019) "Introduction". Security and Data Storage Aspect in Cloud Computing, pp. 1-15. DOI: 10.1007/978-981-13-6089-3_1. Online publication date: 10 Feb 2019.
  • (2016) "ERI". Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications, pp. 126-129. DOI: 10.5555/3021385.3021410. Online publication date: 18 Jun 2016.
  • (2016) "Security and service assurance issues in Cloud environment". International Journal of System Assurance Engineering and Management, vol. 9, no. 1, pp. 194-207. DOI: 10.1007/s13198-016-0525-0. Online publication date: 9 Aug 2016.
  • (2015) "Security threats in cloud computing". International Conference on Computing, Communication & Automation, pp. 632-636. DOI: 10.1109/CCAA.2015.7148450. Online publication date: May 2015.
  • (2014) "Electronic Records Management - An Old Solution to a New Problem". International Journal of Electronic Government Research, vol. 10, no. 4, pp. 94-116. DOI: 10.4018/ijegr.2014100105. Online publication date: Oct 2014.
  • (2013) "Anatomy of drive-by download attack". Proceedings of the Eleventh Australasian Information Security Conference - Volume 138, pp. 49-58. DOI: 10.5555/2525483.2525489. Online publication date: 29 Jan 2013.
  • (2011) "Identification of potential malicious web pages". Proceedings of the Ninth Australasian Information Security Conference - Volume 116, pp. 33-40. DOI: 10.5555/2460416.2460422. Online publication date: 17 Jan 2011.
