A significant characteristic of the Web 2.0 platform is that mobile users are the ones who undertake actions such as generation and uploading of content to the web sites. This is increasing evident as large enterprises are embarking on the adoption of Web 2.0 tools, which include blogs and RSS. With such features, the Web 2.0 is vulnerable to exploitation by malicious users, implying that organizations have to implement appropriate mobile security strategies (Lincoln & Mitchell, 2004). This paper discusses issues that are related to mobile security in a large enterprise relying on Web 2.0 technologies to carry out their functions.
One of the most significant mobile threats associated with web 2.0 technologies is cross-site scripting, which allows malicious users and hackers to inject client-side script into web content that has already been accessed by other users. Basically, cross-site scripting provides a framework through hackers can evade the access controls. Cross-site scripting accounts for approximately 80 per cent of Web 2.0 threats; as a result, large enterprises should deploy appropriate strategies to combat this threat. In addition, the detection of attacks initiated by cross-site scripting is normally difficult and is used by malicious users to maximize the effects of the attacks. XSS uses the Browser Exploitation Framework to establish an attack on the user environment and the web content (Gollman, 2011).
The third issue associated with mobile security in Web 2.0 technology is information leakage that is initiated by user-generated content. Hackers exploit this feature of the Web 2.0 technologies to upload and run their malicious code on the web site. This could result to a large enterprise hosting an inappropriate content, which could not only result to cases of data breaches, but also affect the brand. Information leakage has significant effects on the operations of a company and normally serves as a threat to data integrity and confidentiality (Lincoln & Mitchell, 2004).
Insufficient anti-automation also makes the initiation of attacks on Web 2.0 applications easy. This is facilitated by the programmatic interfaces of most of the Web 2.0 applications. Inadequate anti-automation can foster the automated retrieval of information and the automated opening of accounts in order to facilitate access to the web content. Such threats can be curbed by the use of Captchas (Lincoln & Mitchell, 2004).
Information leakage is also another mobile security issue associated with Web 2.0 technologies. The aspect of mobility of Web 2.0 technologies facilitates content sharing, which can initiate a vulnerability that malicious users can exploit in order to gain access to the system.
It is arguably evident that the internet revolutionized the way businesses are conducted and how people undertake their work. The Web 2.0 is an important aspect of the internet that played a significant role in enhancing business functionality. A significant limitation is that with its increased usage implies increased risk; as such, they offer opportunities through which malicious users can inject and run malicious code in web content (Gollman, 2011).
Gollman, D. (2011). Computer Security. New York: John Wiley and Sons.
Lincoln, P., & Mitchell, J. (2004). Multiset rewriting and the complexity of bounded security protocols. Journal of Computer Security , 125-115.