Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insecure Trends in Web 2.0 Applications. It’s all about Web 2.0  It’s in everywhere  This is the new way  Second dot com craziness, and it’s not going.

Published byAditya Fluke Modified over 9 years ago

Similar presentations

Presentation on theme: "Insecure Trends in Web 2.0 Applications. It’s all about Web 2.0  It’s in everywhere  This is the new way  Second dot com craziness, and it’s not going."— Presentation transcript:

1 Insecure Trends in Web 2.0 Applications

2 It’s all about Web 2.0  It’s in everywhere  This is the new way  Second dot com craziness, and it’s not going to burst this time...

3 Web 2.0 Trends  Usability  Simplicity  Sociability  Integration  Outsourcing

4 Usability & Simplicity Instead of KISS - Keep It Simple & Stupid it should be KISSS - Keep It Simple, Stupid & Secure

5 Just “Stupid”  Changing password without requiring the current one  Guilty:  Twitter  Impact:  Permanent account hijacking

6 Just “Stupid” – Password pls.  “Give me your hotmail password so I can send spam to your contact list”  Guilty:  Bebo, Facebook, Diigo ve tüm diğer sosyal hoppalık içeren Web 2.0 uygulamaları  What’s next? Websites will request password of our online bank? (Wait! It’s already done! – mint.com)

7 Just “Stupid” – remember me  “Remember Me” functionality  Guilty:  Everyone!  Impact:  Increasing the success possibility of Cross-site Scripting and similar session hijacking attacks.

8 Just “Stupid” – send it away  Resetting passwords without requiring an extra information other than an e-mail  Guilty:  Everyone!  Impact:  If victim’s e-mail compromised than all of his or her identity will be gone within minutes.

9 Just “Stupid” – password1  Limiting password length, not allowing user to choose secure passwords.  Guilty:  A Lot!  Impact:  Forcing user to be insecure! Really poor interpretation of KISS.

10 Sociability Kevin Mitnick gotta love Web 2.0 !

11 Social Attractions – Where were you last night?  Too much personal information online.  Guilty:  Linkedin, youtube, twitter, facebook, blogs, the crazy guy who shot your photo and posted to flickr, “transparent” company blogs etc.  Impact:  Easier social engineering attacks...

12 Integration – Get this API and hack me  Overpowered APIs, Facebook widgets, RSS madness!  Guilty:  Facebook, Feedburner.  Impact:  Using API functionality to hack the website who provides the API.

13 Outsourcing  Too much external component usage  Guilty:  Blogosphere, video embedding, flash embedding, widgets, stats, external javascripts... All new websites.  Impact:  Increased attack surface, To able to make one website secure you have to secure 10 websites.

14 SSL ?  What happened to SSL?  Guilty:  Gmail (after 4 years they fixed), and lots, lots of other Web 2.0 applications.  Impact:  Isn’t it obvious?

15 Did you say “Best Practice”?  Agile Programming,  Shorter Dead-lines,  Fast development means more money,  Lack of defined best practices about new technologies

16 Security doesn’t sell MS Vista proved it! Unfortunately, Web 2.0 is not an exception

17 Web 2.0 Followers  Every single day new Web 2.0 startups are launching all over the world and they do follow all these bad practices, because big guys are doing them.

18 Security... First make it secure, then make it Web 2.0

19 Questions and Discussion @fmavituna finished his talk, and waiting some question from the audience. (*) *not so obscure twitter joke

20 Thanks...

Download ppt "Insecure Trends in Web 2.0 Applications. It’s all about Web 2.0  It’s in everywhere  This is the new way  Second dot com craziness, and it’s not going."

Similar presentations

Grace Rizza. Background O Owner Identity Dental Marketing O Marquette University Alumna – O Studied Advertising & Psychology O Obsessed with dental marketing,

Grace Rizza. Background O Owner Identity Dental Marketing O Marquette University Alumna – O Studied Advertising & Psychology O Obsessed with dental marketing,
Getting Started with Social media YouTube, We Tube Jayme Swain Director, Engage.

Getting Started with Social media YouTube, We Tube Jayme Swain Director, Engage.
A note for you We have created this presentation for you, the outstanding employee who has IT security on the brain. We want to help you spread the word.

A note for you We have created this presentation for you, the outstanding employee who has IT security on the brain. We want to help you spread the word.
K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services Harvard Townsend Chief Information Security Officer

K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services Harvard Townsend Chief Information Security Officer
Privacy: Facebook, Twitter

Privacy: Facebook, Twitter
NHnetWORKS December 14, 2009.  Facebook is a global Social Networking website that is operated and privately owned by Facebook, Inc.  Users can add.

NHnetWORKS December 14,  Facebook is a global Social Networking website that is operated and privately owned by Facebook, Inc.  Users can add.
Explain the social impacts of the use of IT.. Social Social networking has made the world Bigger and easier to communicate with others. It allows friends,

Explain the social impacts of the use of IT.. Social Social networking has made the world Bigger and easier to communicate with others. It allows friends,
Social Media Intro to Business & Marketing. The most three most trusted forms of advertising are: Recommendations from people I know - 90% Consumer opinions.

Social Media Intro to Business & Marketing. The most three most trusted forms of advertising are: Recommendations from people I know - 90% Consumer opinions.
Social Media Networking Sites Charlotte Jenkins Designing the Social Web 06-10-2011.

Social Media Networking Sites Charlotte Jenkins Designing the Social Web
IU Librarians’ Day - 05/15/09 Emerging Technologies & Libraries: What’s new & useful to libraries Chanitra Bishop, Instruction & Emerging Technologies.

IU Librarians’ Day - 05/15/09 Emerging Technologies & Libraries: What’s new & useful to libraries Chanitra Bishop, Instruction & Emerging Technologies.
04 – THEATRE WEBSITE AND ONLINE TICKETING SYSTEMS B063 – OCER Theatre.

04 – THEATRE WEBSITE AND ONLINE TICKETING SYSTEMS B063 – OCER Theatre.
Communicator’s Council Feb. 28, 2011 Blogs and Social Media.

Communicator’s Council Feb. 28, 2011 Blogs and Social Media.
Social Media Training Public Records, Privacy and Accountability.

Social Media Training Public Records, Privacy and Accountability.
Group #11 SOCIAL NETWORKING. a website where one connects with those sharing personal or professional interests, place of origin, education at a particular.

Group #11 SOCIAL NETWORKING. a website where one connects with those sharing personal or professional interests, place of origin, education at a particular.
© 2012 Microsoft Corporation. All rights reserved. Amazing apps. Windows 8 comes with built-in apps for the things you do most to help get your favorite.

© 2012 Microsoft Corporation. All rights reserved. Amazing apps. Windows 8 comes with built-in apps for the things you do most to help get your favorite.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
{ Internet influence… Reasons of internet usage. How does it influence us? Yessenzholova Akbota, 11a Yessenzholova Akbota, 11a 2014y. 2014y.

{ Internet influence… Reasons of internet usage. How does it influence us? Yessenzholova Akbota, 11a Yessenzholova Akbota, 11a 2014y. 2014y.
Online Presence for SAIPs What’s Online Presence?

Online Presence for SAIPs What’s Online Presence?
21 Ways to Make the Most of Your Website A Guide for Successful Businesses.

21 Ways to Make the Most of Your Website A Guide for Successful Businesses.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Similar presentations

Ads by Google