Archive for June, 2008
Strategic Security: Web Applications Scanners
Web 2.0 carries with it plenty of big ideas, but the concept of Rich Internet Applications (RIAs) keeps many information security pros awake at night. Splitting intelligence between client and server is a basic shift, and a risky one given the sad state of browser security. And while the Ajax development model affects only a subset of RIAs, it has both momentum and traits that make eliminating vulnerabilities a real challenge.
Web application scanners can help, but implementation remains tricky. For the review, the group decided to consider the entire decision-making process instead of focusing only on boxed Web application scanners. At least four distinct paths to RIA and Ajax security were found.