WebApp Sec mailing list archives

Re: Web 2.0 support group


From: Steve Pinkham <steve.pinkham () gmail com>
Date: Wed, 09 Sep 2009 09:10:56 -0400

Steven M. Christey wrote:
> So I've been an observer of the "Web 2.0 is a security nightmare" camp
> with the occasional head nods and detached agreement, being enough of a
> generalist that I didn't have anything to add to the alarms raised by the
> specialists.  Where is the support group for those who have recently
> realized just how desperate the situation is?
>
> I'm not being entirely facetious.  Is there any hope at all?
>
> - Steve



1. No, but there is no hope for generalized security apart from "Web 2.0" either. There is only risk reduction.

2. Stop complaining about Web 2.0. Really. It doesn't exist. There are security problems specific to JSON, AJAX, REST, SOAP, FLEX, social networking, P2P, etc. If you want to actually discuss the risk, name the risk you're interested in. Web 2.0 doesn't mean anything we can discuss like rational people. Same goes for "the Cloud".

Steve
--
 | Steven E. Pinkham                      |
 | Security Researcher, Maven Security    |
 | steve.pinkham () mavensecurity com        |
 | GPG public key ID CD31CAFB             |


