Web 2.0 Security

I have written for the Open Group's Secure Enterprise 2.0 group a white paper about Web 2.0 security threats.

Discussing Web 2.0 security is difficult as Web 2.0 itself is somewhat blurry term. Most discussion on Web 2.0 security tends to be on the technical level, however Web 2.0 is not a technology, but rather a concept. When researching the issue, I was surprised to find out that Tim Barnes-Lee's, the Web conceiver views the original web as the 1st Web 2.0 implementation. After considering this, I tend to agree. Wikis are for sure a Web 2.0 application and they exist since 1994.

Wiki is a foster son of the Web 2.0 trend. Invented well before the web became common, let alone Web 2.0, Wikis do not have fancy interfaces and 21st century aura. However with real group collaboration, Wikis are one of the technologies most associated with Web 2.0.

In a recent OWASP Israel meeting I spoke about the very different security philosophy of Wikis and where it meets the more usual application security concerns. You can download the presentation from this page.