Introduction
A significant characteristic of the Web 2.0 platform is that mobile users are the ones who undertake actions such as generation and uploading of content to the web sites. This is increasingly evident as large enterprises embark on the adoption of Web 2.0 tools, which include blogs and RSS. With such features, Web 2.0 is vulnerable to exploitation by malicious users, implying that organizations have to implement appropriate mobile security strategies (Lincoln & Mitchell, 2004). This paper discusses issues related to mobile security in a large enterprise that relies on Web 2.0 technologies to carry out its functions.
Discussion
One of the most significant mobile threats associated with Web 2.0 technologies is cross-site scripting (XSS), which allows malicious users and hackers to inject client-side script into web content that has already been accessed by other users. Basically, cross-site scripting provides a framework through which hackers can evade the access controls. Cross-site scripting accounts for approximately 80 per cent of Web 2.0 threats; as a result, large enterprises should deploy appropriate strategies to combat this threat. In addition, attacks initiated by cross-site scripting are normally difficult to detect, which malicious users exploit to maximize the effects of the attacks. XSS uses the Browser Exploitation Framework to establish an attack on the user environment and the web content (Gollman, 2011).
The second mobile threat that Web 2.0 technologies are susceptible to is SQL injection, which primarily entails the use of a code injection technique to take advantage of a security vulnerability associated with the Web 2.0 technologies (Gollman, 2011). Web 2.0 is susceptible to injection attacks because users can generate and upload web content to a web site. This in itself is a vulnerability through which malicious users can initiate an SQL injection attack. Other injection attacks can be initiated in the form of JavaScript injection and XML injection. Because Web 2.0 technologies significantly depend on client-side code, hackers make use of client-side input validation in order to evade the access controls.
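The following is an added example, not code from the cited sources: it contrasts a query built by string concatenation with the same query using a bound parameter, and adds a server-side check because validation done only in client-side code can be skipped. The table, function names and sample values are assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory table standing in for a site's user-generated posts (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (author TEXT, body TEXT, private INTEGER)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [("alice", "public note", 0), ("bob", "draft salary memo", 1)],
    )
    return db

def posts_by_author_concat(db, author):
    # Weak form: the user-supplied value becomes part of the SQL text,
    # so quote characters in it can change the structure of the query.
    sql = "SELECT body FROM posts WHERE private = 0 AND author = '" + author + "'"
    return [row[0] for row in db.execute(sql)]

def posts_by_author_bound(db, author):
    # Hardened form: the value is passed as a bound parameter and is only
    # ever compared as data, whatever characters it contains.
    sql = "SELECT body FROM posts WHERE private = 0 AND author = ?"
    return [row[0] for row in db.execute(sql, (author,))]

def valid_author(author):
    # Server-side allow-list check (hypothetical policy): repeats on the
    # server whatever the client-side script claims to have validated.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", author) is not None

# Constructed sample input containing quote characters.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", CRAFTED):
        print(repr(name), valid_author(name),
              posts_by_author_concat(db, name), posts_by_author_bound(db, name))
```

With the constructed input, the concatenated query also returns the row marked private, while the bound query returns nothing and the server-side check rejects the value before any query runs.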
The third issue associated with mobile security in Web 2.0 technology is information leakage that is initiated by user-generated content. Hackers exploit this feature of the Web 2.0 technologies to upload and run their malicious code on the web site. This could result in a large enterprise hosting inappropriate content, which could not only result in data breaches, but also affect the brand. Information leakage has significant effects on the operations of a company and normally serves as a threat to data integrity and confidentiality (Lincoln & Mitchell, 2004).
Insufficient anti-automation also makes the initiation of attacks on Web 2.0 applications easy. This is facilitated by the programmatic interfaces of most Web 2.0 applications. Inadequate anti-automation can foster the automated retrieval of information and the automated opening of accounts in order to facilitate access to the web content. Such threats can be curbed by the use of CAPTCHAs (Lincoln & Mitchell, 2004).
Information leakage is another mobile security issue associated with Web 2.0 technologies. The mobility of Web 2.0 technologies facilitates content sharing, which can introduce a vulnerability that malicious users can exploit in order to gain access to the system.
Conclusion
It is arguably evident that the internet revolutionized the way businesses are conducted and how people undertake their work. Web 2.0 is an important aspect of the internet that has played a significant role in enhancing business functionality. A significant limitation is that its increased usage implies increased risk; as such, Web 2.0 technologies offer opportunities through which malicious users can inject and run malicious code in web content (Gollman, 2011).
References
Gollman, D. (2011). Computer Security. New York: John Wiley and Sons.
Lincoln, P., & Mitchell, J. (2004). Multiset rewriting and the complexity of bounded security protocols. Journal of Computer Security, 125-115.