This paper details various security concerns and risks associated with Web 2.0 technologies such as Asynchronous JavaScript and XML (AJAX); syndication, aggregation and notification of data in RSS or Atom feeds; and mashups created by merging content from different sources. It also describes the security implications of using Web 2.0 technologies such as AJAX, RSS, and mashups. Growing application functionality has led to the emergence of new web technologies (Web 2.0). These new web technologies open more avenues for security threats to online applications and users. Efficient protection mechanisms should be considered when using Web 2.0 technologies.
Nowadays, web application security is getting more prominent attention. This attention comes with the increase in the number of vulnerabilities in web applications due to the lack of proper security standards used in the development of the applications.
• CERT/CC statistics show that 7120 software vulnerabilities were reported in 2006
• 194 SQL injection vulnerabilities were found on BugTraq between January 2005 and June 2005
• Symantec highlights in its most recent Internet Security Threat Report that Web vulnerabilities constituted 69 percent of 2,249 new vulnerabilities identified for the first half of 2006, with 78 percent of “easily exploitable” vulnerabilities residing within Web applications.
• Directory Traversal is the 2nd most common attack on the internet as of the 2nd half of 2005
• Roughly 63% of the Web application vulnerabilities can be accounted for by 4 vulnerability classes: file inclusion, SQL injection, cross-site scripting, and directory traversal.
Regulations such as PCI, HIPAA, SOX, etc., and the need for organizations to protect themselves from financial and reputational loss, have led to a surge in application security.
Web 2.0 technologies provide collaborative, decentralized networking for online activities. They involve content participation and enhancements from end users or consumers. Web 2.0 technologies involve active participation from users in terms of content contribution and content editing, rather than users playing the role of consumers as in Web 1.0. Active user involvement includes activities such as blogs, sharing information through syndication with the help of RSS/Atom, and so on. The growth of these technologies and of user interaction also increases the negative side of online business: malicious activities that affect the confidentiality, integrity and availability of information assets. These effects can lead to the unauthorized disclosure of sensitive data such as SSNs and credit card details, which can in turn lead to financial and reputational loss for online business providers.
Download pdf Web 2.0 Attacks Revealed