WebApp Sec mailing list archives
Re: Web 2.0 support group
From: Steve Pinkham <steve.pinkham () gmail com>
Date: Wed, 09 Sep 2009 09:10:56 -0400
Steven M. Christey wrote:
So I've been an observer of the "Web 2.0 is a security nightmare" camp with the occasional head nods and detached agreement, being enough of a generalist that I didn't have anything to add to the alarms raised by the specialists. Where is the support group for those who have recently realized just how desperate the situation is? I'm not being entirely facetious. Is there any hope at all? - Steve
1. No, but there is no hope for generalized security apart from "Web 2.0" either. There is only risk reduction.
2. Stop complaining about Web 2.0. Really. It doesn't exist. There are security problems specific to JSON, AJAX, REST, SOAP, FLEX, social networking, P2P, etc. If you want to actually discuss the risk, name the risk you're interested in. Web 2.0 doesn't mean anything we can discuss like rational people. Same goes for "the Cloud".
Steve -- | Steven E. Pinkham | | Security Researcher, Maven Security | | steve.pinkham () mavensecurity com | | GPG public key ID CD31CAFB |
Current thread:
- Web 2.0 support group Steven M. Christey (Sep 09)
- Re: Web 2.0 support group Steve Pinkham (Sep 09)
- Re: Web 2.0 support group Catherine Pagliaro (Sep 09)
- Re: Web 2.0 support group Steve Pinkham (Sep 09)