Web 2.0 Scripts Can Be A Threat Disguised in Data

There is no single definition of Web 2.0; there are many separate views on the term. Generally, though, Web 2.0 refers to the World Wide Web of today: the enhanced functionality and use of the internet, geared towards creativity and the sharing of information. Web 2.0 facilitated the development of video and photo sharing, social networks, blogs and so on.

Tim O’Reilly relates Web 2.0 to business. According to him, it refers to the development in which business has taken the internet as its new platform, in order to take advantage of the benefits the internet brings, such as global exposure.

Web 2.0 data is rich data. It is not merely data: embedded in it can be a series of scripts or programs, because Web 2.0 data allows formatting, markup, images, special characters and other syntax. While this has its advantages, it also presents threats and the risk of attacks from applications or service suppliers.

With the right scripts embedded in it, Web 2.0 data can be executed as code on the internet. The type of code used depends on the destination of the data: it could be JavaScript, LDAP, shell script, SQL or others. For example, malicious SQL can be integrated into a user query. This method is known as SQL injection.

Since there is no longer just plain data on the internet today, data can act as small programs for downstream systems. The problem arises when code is embedded maliciously. Something that seems harmless at the moment could be harmful when one’s system is able to reawaken or decode a dormant attack.
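
The two points above (the interpreter depends on the destination, and stored data can sit dormant until a later system parses it), shown as an added example that is not part of the original article: each weak handling sits beside its hardened form. The table, function names and sample strings are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs: each is plain data to one system and code to another.
SQL_INPUT = "nobody' OR '1'='1"
HTML_INPUT = "<script>alert(1)</script>"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    db.executemany("INSERT INTO comments VALUES (?, ?)",
                   [("alice", "hello"), ("bob", "private note")])
    return db

def find_concatenated(db, author):
    # Weak: the value is spliced into the SQL text, so a quote inside it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT body FROM comments WHERE author = '" + author + "'"
    return [row[0] for row in db.execute(sql)]

def find_bound(db, author):
    # Hardened: the value is passed as a bound parameter and is only compared.
    sql = "SELECT body FROM comments WHERE author = ?"
    return [row[0] for row in db.execute(sql, (author,))]

def render_raw(body):
    # Weak: stored text is pasted into markup; a browser would parse its tags.
    return "<p>" + body + "</p>"

def render_escaped(body):
    # Hardened: encode for the HTML destination at the moment of output.
    return "<p>" + html.escape(body) + "</p>"

if __name__ == "__main__":
    db = make_db()
    print(find_concatenated(db, SQL_INPUT))  # the filter is bypassed
    print(find_bound(db, SQL_INPUT))         # no author has that name
    # Bound storage keeps the text inert for SQL, yet it is still markup for
    # the next destination, so it must be encoded again when rendered.
    db.execute("INSERT INTO comments VALUES (?, ?)", ("carol", HTML_INPUT))
    stored = find_bound(db, "carol")[0]
    print(render_raw(stored))
    print(render_escaped(stored))
```

The same string is safe or unsafe depending only on which downstream parser receives it, so encoding has to be chosen per destination rather than once at input.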