funsec mailing list archives
'Web 2.0 Charlatans' and 'Premature AJAXulation'
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Tue, 15 Apr 2008 02:43:55 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is probably my favorite new phrase. :-)

Via Reg Developer.

[snip]

Forget a wave of Web 2.0 threats taking down your software, stealing your data or exposing users - the real danger is posed by some existing attack techniques. And it's IT charlatans peddling over-night AJAX solutions that'll leave you vulnerable.

Two security experts from Microsoft and Hewlett Packard have warned against "premature AJAXulation" - the practice of using quick fixes to turn existing software into Rich Internet Application wonders - saying these are architecturally flawed.

Microsoft security program manager Bryan Sullivan, during a joint session called Ajax Applications: A Blueprint for Disaster, told RSA: "People talk about sexy new Web 2.0 attacks. What's going to break the internet are these old Web 1.0 attacks like SQL injection, which works well against Web 2.0 applications. They are more efficient and more effective."

[snip]

More:
http://www.regdeveloper.co.uk/2008/04/14/ajax_charlatans_old_school_attack/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIBBZoq1pz9mNUZTMRAqo8AKCIf9ix45GAku8E9skbrauDEApKXwCfeekT
c9RORm5HGo9ePR4q3GEO6SQ=
=2w7m
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.