Security Analysis of Web 2.0

This study, written in cooperation with the Federal Office for Information Security in Germany (Bundesamt für Sicherheit in der Informationstechnik, BSI Deutschland), covers the threats and risks of Web 2.0 as well as the possible security methods and techniques used within it.

The study focuses mainly on JavaScript (Ajax) and provides a detailed description of how the trust relationship can be exploited. Attacks against web applications such as cross-site scripting (XSS), cross-site request forgery (CSRF) and session hijacking are all covered and analyzed, with and without JavaScript, from the perspective of both an attacker and the user.
The study is available at the official site of the BSI or here: web20_pdf (PDF).

Written in 2008 for the
Federal Office for Information Security
Bundesamt für Sicherheit in der IT (BSI)

Bonn, Germany
