Question

Much has been made of the new Web 2.0 phenomenon, including social networking sites and user-created mash-ups. How does Web 2.0 change security for the Internet? How do secure software development concepts support protecting applications?

Answer 1

Answer:

Explanation:

World Wide Web (www) has advanced as a major technology since its introduction during the 1980s. In beginning web sites were primarily used only by few number of users to share information related to their academic work. As the user interface evolved over the next coming years with each new version bringing in new frameworks and techniques, it powered web as a hub of technology. Web 1.0, 2.0 and 3.0 brought more dynamic features to the users. Web 1.0 used to describe the web content in static resulting in rigid user experience. Web 2.0 which powered social networking sites became popular developing the web which ultimately served as a platform for people to create and share their own content on the web in the form of blogs, wikis, feeds, tagging systems, user-created publication systems etc. The evolution of web technology began to spread its roots into the major business areas which brought in the requirement for high speed and expanded availability for substantial number of users.

On the other hand, Web 2.0 has also brought some security’s concerns. Mainly the component of client interaction with web, it opened doors to unauthorized actions in the application. In order to provide a rich user experience majority Web 2.0 sites have adopted lightweight user interface code such as asynchronous JavaScript and XML (AJAX). In the Conventional client-server models, many of calls (requests) are handled and processed on the server side. AJAX allows a higher percentage of requests to be processed on the client side. This may give malicious users many options to modify any application code running on a client machine by exploring and testing the application for vulnerabilities.

To overcome this objective, developers should consider installing an appliance at the Internet gateway, which performs real-time code inspection of traffic flowing through the corporate network. High performance and high availability appliances capable of monitoring and acting swiftly to block any suspicious web traffic are paramount. Also, it is very important that developers develop the application with security in mind. Following the coding convention, having the code reviewed, testing the application thoroughly are all part of securing the application in the web.