Imperva's Firewall Defends Against Web 2.0 Security Threats

Imperva announces that its security research organization, the Application Defense Center (ADC), is making available two free educational resources designed to help organizations understand and defend against security risks posed by Web 2.0 infrastructures. First, the ADC is offering a free Webinar that outlines and demonstrates violations of security best practices introduced by Web 2.0 applications. In addition, the ADC has developed a downloadable technical brief that explains the security vulnerabilities associated with Web 2.0 applications and presents mitigation techniques.

Web 2.0 applications generally include a mix of three characteristics: Rich Interface Applications (RIA), syndication (RSS, mashups, etc.), and user participation (social networks, wikis, blogs). Each category introduces its own set of vulnerabilities and risks, which together create a larger attack surface. One common weakness is the shifting of security processing from the web server to the client. This approach is imposed by the scripting used to deliver dynamic Web 2.0 content. Client-side security checks, however, violate documented best practices for protecting Internet applications. By blurring the distinction between client and server code, Web 2.0 applications increase exposure to session and cookie tampering, SQL injection, directory traversal, and cross-site scripting attacks.

To help IT organizations understand the vulnerabilities introduced by Web 2.0 applications and take appropriate measures to secure their infrastructure, Imperva is hosting a free Webinar on March 14 and offering a companion technical brief entitled "Understanding Web 2.0: Technologies, Risks, and Best Practices". The Webinar and brief will cover key Web 2.0 security concepts and remediation strategies, including:
- Why Web 2.0 frameworks are ideally suited for cross-site scripting and script injection attacks;
- Best practice violations: client- versus server-side security processing;
- Tracking input validation in AJAX;
- Performing state tracking in modular applications.

To register for the Webinar, please visit www.imperva.com/go/webinar20. To request the companion technical brief, which will be available after the Webinar, visit www.imperva.com/go/tbw20.



© 2007 Networking News