Compromised Web 2.0 Security and Querying the "Hidden Web"

Another newly discovered web security threat centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities.

While Web 2.0 and AJAX offer an enriched and improved user experience for Internet users, these technologies also fling open the door to new malware propagation methods.

"By targeting high-traffic web sites, hackers have found an easy way to achieve mass propagation," Ben-Itzhak from Finjan said. "By either embedding malicious code in hosted Web content or by using AJAX to query the 'hidden web', hackers can create 'invisible' attacks since the code is never revealed on the site."

Ben-Itzhak noted that in order to protect users from malicious AJAX queries, enterprises require security solutions that are capable of analyzing each web request/reply "on the fly." "Behavior-based analysis of web content, performed on the gateway between the browser and web servers, is one effective method for doing this," he said.

"A further advantage of behavior-based security is that it analyzes each and every piece of content, regardless of its original source. This technology assures that malicious content will not enter the network even if its origin is a highly trusted site."