Hack in the Box – Web Application Attacks
The crux of this problem lies in the transfer of roles traditionally handled on the server to the end client. In the case of HTML5, for example, the browser, long regarded as a thin client, has evolved into a thick client with its own storage mechanisms, threading and so on. This shift is driven by the move towards cloud-based computing, which reduces the traffic generated by giving the client access to data in a more transparent and less intrusive manner. Consequently, malicious activity has become much harder to detect, as more data and content are exchanged between client and server without the end user being aware of it.
Given that current web threat detection mechanisms depend on inspecting the network traffic between client and server, attacks that make use of Web 2.0 technologies often go unnoticed. Addressing this limitation requires thorough instrumentation of the browser itself, possibly as additional client-side software. On the proactive side, proper code reviews, secure programming practices and security audits of web applications are necessary in order to identify threats as they emerge.
The challenges posed by Web 2.0 are not insurmountable. At present, zvelo continues to research and develop cutting-edge technologies capable of addressing such vulnerabilities, alongside traditional solutions that have proven effective in mitigating online threats.