Web 2.0 security issues

Web 2.0 is causing an explosion stretching the boundaries of what web sites can do. And in the rush to add features, security seems to have become an afterthought, both for participants as well as developers. Web 2.0 as a gestalt is an emmenthaler cheese (more holes than cheese).

At least the following threats for web (2.0) sites can be checked  to see if we require protection from those:

• Data modification or destruction of messages or data in databases, both intentional as well as unintentional.
• Illegal modification of programs.
• Invalid message sequencing.
• Repudiation.
• When promising more powerful encryption for paid users, encrypted messages need also be protected from traffic analysis threats.
• Incorporating SMTP email in database may be vulnerable to deduction of information threats. 
• Depending on which features of which social networking sites are used to relate to contacts and friends, and their protection state we may wish to add protection from leakage of information threats. 
• Children accounts definitely need protection from masquerading and illegal association threats. So do we.

In next articles I will focus on what network resources need to be protected and to what degree, and by what means security can be implemented by whom.