The first Web 2.0 security flaw was revealed
Fortify Software experts claim to have discovered the first security vulnerability in Web 2.0 and AJAX applications.
In the past, web developers mostly used JavaScript for simple tasks such as swapping images when the mouse pointer passes over them, or in web forms. But in the Web 2.0 world, JavaScript is increasingly used to transmit data. That is the cause of a series of security issues.
Brian Chess, Fortify Software's leading researcher, said hackers could trick users into visiting a malicious website and then steal their confidential data from the browser-based web applications themselves, simply because servers often do not apply JavaScript security measures even when JavaScript is used to transmit data.
"We named the attack method JavaScript Hijacking. The consequence is that all the information stored on the server will fall into the hands of hackers."
Fortify's researchers tested dozens of different Web 2.0 platforms and concluded that every platform has JavaScript Hijacking flaws.
"If we look deep into Web 2.0 applications, we will discover security flaws, whether it's Google's AJAX platform, Microsoft or some open-source firm," Chess said.
Traditional web applications do not have this flaw, Mr. Chess said, simply because they don't use JavaScript to transmit data.
Web 2.0 technology is becoming more and more popular, and most e-commerce websites now use it. It is therefore necessary to invest appropriate time in researching and fixing all security flaws.
Hoang Dung