Issue No. 02 - Mar.-Apr. (2016 vol. 14)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2016.31
Benjamin Stritter, Friedrich-Alexander University of Erlangen-Nuremberg
Felix Freiling, Friedrich-Alexander University of Erlangen-Nuremberg
Hartmut Konig, Brandenburg University of Technology
Rene Rietz, Brandenburg University of Technology
Steffen Ullrich, genua gmbh
Alexander von Gernler, genua gmbh
Felix Erlacher, University of Innsbruck
Falko Dressler, University of Paderborn
Everyone loves Web 2.0 applications. They are easy to use and fast, and can be accessed from any computer or smartphone without installation. They let us easily communicate and share data with one another, shop simply, and access vast amounts of information. However, they're also frequently mentioned in connection with novel exploits, data leaks, or identity theft. Active content, tight integration, and the overall complexity of the continuously evolving Web 2.0 technology create new risks that we can hardly grasp. Turning our backs on the technology is not a solution because we would lose many features that we've come to rely on. But how can we achieve both a pleasant user experience and security in a place as messy as the Web 2.0 landscape? First, we can look to understand the wide range of attacks as well as the complex security situation and attack surface of Web 2.0 applications. Second, we can study the open research challenges in this field and assess how best to approach these issues.
Browsers, Computer security, HTML, Web 2.0, Forgery, Cascading style sheets, Encoding, Firewalls
B. Stritter et al., "Cleaning up Web 2.0's Security Mess-at Least Partly," in IEEE Security & Privacy, vol. 14, no. 2, pp. 48-57, 2016.