Skip to main content

Compromised Web 2.0 Security and Querying the "Hidden Web"

Another newly discovered web security threat centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities.

While Web 2.0 and AJAX offer an enriched and improved user experience for Internet users, the technology also flings open the door to new malware propagation methods.

"By targeting high-traffic web sites, hackers have found an easy way to achieve mass propagation," Ben-Itzhak from Finjan said. "By either embedding malicious code in hosted Web content or by using AJAX to query the 'hidden web', hackers can create 'invisible' attacks since the code is never revealed on the site."

Ben-Itzhak noted that in order to protect users from malicious AJAX queries, enterprises require security solutions that are capable of analyzing each web request/reply "on the fly." "Behavior-based analysis of web content, performed on the gateway between the browser and web servers, is one effective method for doing this," he said.

"A further advantage of behavior-based security is that it analyzes each and every piece of content, regardless of its original source. This technology assures that malicious content will not enter the network even if its origin is a highly trusted site."

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.