November 20, 2006
In my previous post, Web 2.0 Security – Part 1, I talked about security compromises related to an AJAX-associated vulnerability known as cross-site scripting.
Continuing with this highly interesting topic of Web 2.0 security, let's look at other factors that can pose threats to Web 2.0 applications, which are gaining phenomenal acceptance among the public at large.
Because of the highly interactive nature of Web 2.0 applications, a lot of traffic goes back and forth between the server and the browser-based clients, carrying large amounts of XML-based data required to perform tasks within the application. While XML technology itself is not new, the way it can be exploited by attackers is a concern, given how common XML data is within the huge volume of internet traffic.
The XML parsing mechanisms adopted on the server side (SAX and DOM) can be compromised by an attacker who supplies what is called malformed XML, which can disrupt the logic intended for the Web 2.0 application. In addition, the XML external entity reference is an XML property that an attacker can manipulate, leading to arbitrary file or TCP connection openings that the attacker can then leverage. XML schema poisoning is another method, one which can change execution flow. If abused, this vulnerability can lead to theft of confidential information, which is very worrying since an awful lot of personal information is transmitted within a web-based application.
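One way a server can defend against both malformed XML and external entity references, shown as an added example that is not part of the original post. It uses Python's expat bindings, the parser underneath the standard library's SAX and DOM modules; the flat `<order>` message format, the function names and the sample inputs are constructed for illustration.

```python
import xml.parsers.expat as expat


class RejectedXML(ValueError):
    """The document is malformed or uses a DTD feature we refuse."""


def _forbid(what):
    def handler(*_args):
        raise RejectedXML(f"{what} not allowed in untrusted XML")
    return handler


def parse_untrusted(data: bytes) -> dict:
    """Parse a flat XML message into {tag: text}; refuse DTDs and entities."""
    fields, stack = {}, []

    def start(name, _attrs):
        stack.append(name)
        fields.setdefault(name, "")

    def text(chunk):
        if stack:
            fields[stack[-1]] += chunk

    parser = expat.ParserCreate()
    # Refuse the DTD outright, so no entity can ever be declared or resolved.
    parser.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    parser.EntityDeclHandler = _forbid("entity declaration")
    parser.ExternalEntityRefHandler = _forbid("external entity reference")
    parser.StartElementHandler = start
    parser.CharacterDataHandler = text
    parser.EndElementHandler = lambda _name: stack.pop()
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Malformed input: fail closed, never act on a half-parsed document.
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return {tag: value.strip() for tag, value in fields.items()}


# Constructed sample inputs (not taken from any real application).
GOOD = b"<order><item>book</item><qty>2</qty></order>"
WITH_ENTITY = (b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder">]>'
               b"<order><item>&ext;</item></order>")
MALFORMED = b"<order><item>book</order>"

if __name__ == "__main__":
    for sample in (GOOD, WITH_ENTITY, MALFORMED):
        try:
            print("accepted:", parse_untrusted(sample))
        except RejectedXML as err:
            print("rejected:", err)
```

Because the parsed fields are only returned after the whole document has been accepted, application logic never runs on a partially parsed or entity-bearing message.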
Malicious AJAX code execution
AJAX is a great invention that has helped spur the complexity and sophistication of Web 2.0 applications, but it does not come without a price in terms of security. Using methods common to web programmers (read: hackers as well), it is possible to make an unauthorised AJAX call to any website, stealing whatever information is saved in the cookies for that particular session.
One simple scenario for this security compromise is when you are performing a Web 2.0-based transaction, perhaps an online purchase, in which personal information is saved in a cookie. It is not uncommon to open another window to surf for other information while performing that transaction, only to end up at an attacker's site. That site can silently make an AJAX call to the website where your transaction is still in progress, stealing your personal and sensitive information from that session.
Firefox users are not spared from this vulnerability of AJAX technology either. Check out how your personal information can be hacked and stolen just by browsing the internet using the highly popular Firefox browser.
I think that is enough for this reading about Web 2.0 Security – Part 2. In the next installment, I will try to cover more security issues presented by other technologies adopted by Web 2.0 application developers. Do subscribe to my RSS feed to get the latest updates on this topic in the future.