Rich Internet Applications (RIA) use very rich UI features such as Flash, ActiveX Controls or Applets as their primary interfaces to Web applications. There are a few security issues with this framework. One of the major issues is with session management since it is running in browser and sharing same session. At the same time since the entire binary component is downloaded to the client location, an attacker can reverse engineer the binary file and decompile the code. It is possible to patch these binaries and bypass some of the authentication logic contained in the code. This is another interesting attack vector for WEB 2.0 frameworks.
AJAX, RIA and Web services are three important technological vectors for the WEB 2.0 application space. These technologies are promising and bring new equations to the table, empowering overall effectiveness and efficiency of Web applications. With these new technologies come new security issues, and ignoring them can lead to big disasters for the corporate world. In this article, the discussion was restricted to only ten attacks but there are several other attack vectors as well. Increased WEB 2.0 security awareness, secure coding practices and secure deployments offer the best defense against these new attack vectors.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.