[funsec] 'Web 2.0 Charlatans' and 'Premature AJAXulation'
fergdawg at netzero.net
Mon Apr 14 21:43:55 CDT 2008
This is probably my favorite new phrase. :-)
Via Reg Developer.
Forget a wave of Web 2.0 threats taking down your software, stealing your
data or exposing users - the real danger is posed by some existing attack
techniques. And it's IT charlatans peddling over-night AJAX solutions
that'll leave you vulnerable.
Two security experts from Microsoft and Hewlett Packard have warned against
"premature AJAXulation" - the practice of using quick fixes to turn
existing software into Rich Internet Application wonders - saying these
are architecturally flawed.
Microsoft security program manager Bryan Sullivan, during a joint session
called Ajax Applications: A Blueprint for Disaster, told RSA: "People talk
about sexy new Web 2.0 attacks. What's going to break the internet are
these old Web 1.0 attacks like SQL injection, which works well against Web
2.0 applications. They are more efficient and more effective."
- ferg
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
ferg's tech blog: http://fergdawg.blogspot.com/