funsec mailing list archives

'Web 2.0 Charlatans' and 'Premature AJAXulation'


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Tue, 15 Apr 2008 02:43:55 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is probably my favorite new phrase. :-)

Via Reg Developer.

[snip]

Forget a wave of Web 2.0 threats taking down your software, stealing your
data or exposing users - the real danger is posed by some existing attack
techniques. And it's IT charlatans peddling over-night AJAX solutions
that'll leave you vulnerable.

Two security experts from Microsoft and Hewlett Packard have warned against
"premature AJAXulation" - the practice of using quick fixes to turn
existing software into Rich Internet Application wonders - saying these
are architecturally flawed.

Microsoft security program manager Bryan Sullivan, during a joint session
called Ajax Applications: A Blueprint for Disaster, told RSA: "People talk
about sexy new Web 2.0 attacks. What's going to break the internet are
these old Web 1.0 attacks like SQL injection, which works well against Web
2.0 applications. They are more efficient and more effective."

[snip]

More:
http://www.regdeveloper.co.uk/2008/04/14/ajax_charlatans_old_school_attack/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIBBZoq1pz9mNUZTMRAqo8AKCIf9ix45GAku8E9skbrauDEApKXwCfeekT
c9RORm5HGo9ePR4q3GEO6SQ=
=2w7m
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

