Monday, 22 December 2008
Tags: web 2.0, web 2.0 security, application level security, personal and enterprise level security      By: Sadaf Azad
Posted in Uncategorized, Enterprise 2.0

Since 2004, web 2.0 has become a renowned technology term that has changed the traditional way of using World Wide Web technology. This technology has played a vital role towards increased creativity, information sharing, online collaborations, data sharing, communication and overall usage of the web. Whether they realize it or not, anyone who uses the internet utilizes web 2.0 technologies like wikis, social networking sites, blogs, media sharing sites and RSS feeds. The major aspect of web 2.0-oriented software and programs is that they can be used dynamically and users can customize them according to their preferences.

Web 2.0 is a strong technology laced with many powerful security measures. However, recent data breaches on various web 2.0-based websites, like Facebook, have urged companies to improve the security features of their applications and websites. There are two possible ways to address security in the web 2.0 world.

   1. Application-level security
   2. Personal- and enterprise-level security


Application-level security:
Web 2.0 applications require implementing strong server-side technologies like PHP, Java and .NET. Meanwhile, Ajax, XML, JavaScript and other Rich Internet Application technologies are used on the presentation and client side so that web applications behave more or less like desktop applications.

In web 2.0 technologies - along with other traditional web services like HTML, XML and JSP - two types of protocols can be implemented for application-to-application communication. The choice of protocol depends upon the nature of the web service architecture being implemented. The SOAP protocol is used as an end-to-end application layer in web services where message-level security is required. REST (Representational State Transfer) is used in end-to-end application layers where a large amount of data is accessed, as in the case of accessing the website of an enterprise and downloading data through a specified download URL.

Both SOAP and REST are responsible for providing security measures for the data being transferred through them. SOAP contains sensitive information like port and server names in its header so it is responsible for data-level security, and REST is responsible for the security of sensitive information on websites, which it handles by generating security authentication error messages.

Even if you have strong security at the application level, it is still possible to have data leakage, since the contents of most feeds are HTML-, XML-, JSP- and ASP-based pages. Data can be accessed illegally through the use of buffer overflows, feed injection, content spoofing, cross-site scripting, forgery and zero-day attacks.

The major reason behind these data attacks is that client-side applications have become more powerful, and the technologies used on the client side, like AJAX and JSP, can contain sensitive information. Precautionary measures must be taken, defining when and how much information should be visible to the client, in order to secure web applications.
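The feed-injection and cross-site scripting risk described above comes from rendering feed content as markup instead of text. The following is an added example, not code from the original post: it parses a constructed RSS feed (the sample items, `SAMPLE_FEED`, and the helper names `safe_link`, `render_item` and `render_feed` are all assumptions for illustration) and escapes every untrusted field and rejects non-HTTP link schemes before the result reaches a browser, using only the Python standard library.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed (not a real feed): the second item carries a script
# tag in its description and a javascript: URL in its link, the shape a
# feed-injection attempt takes when a reader renders feed fields as HTML.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Demo</title>
<item><title>Release notes</title><link>https://example.com/notes</link>
<description>Plain text entry</description></item>
<item><title>Hello &lt;b&gt;world&lt;/b&gt;</title><link>javascript:alert(1)</link>
<description>&lt;script&gt;alert(document.cookie)&lt;/script&gt;click here</description></item>
</channel></rss>"""

# Only these URL schemes are allowed to become clickable links.
SAFE_SCHEMES = {"http", "https"}


def safe_link(url):
    """Return the URL only if its scheme is http(s); otherwise return '#'.

    urlsplit() lower-cases the scheme, so 'HTTPS://...' is accepted while
    'javascript:' and 'data:' URLs are neutralised.
    """
    url = url.strip()
    return url if urlsplit(url).scheme in SAFE_SCHEMES else "#"


def render_item(title, link, description):
    """Escape every feed field so the browser treats it as text, not markup."""
    return '<li><a href="{}">{}</a>: {}</li>'.format(
        html.escape(safe_link(link), quote=True),
        html.escape(title, quote=True),
        html.escape(description, quote=True),
    )


def render_feed(feed_xml):
    """Parse an RSS document and return an HTML list of its items, escaped."""
    root = ET.fromstring(feed_xml)  # XML entities are decoded here, so the
    items = []                      # description text now contains a raw <script>
    for item in root.iter("item"):
        items.append(render_item(
            item.findtext("title", default=""),
            item.findtext("link", default=""),
            item.findtext("description", default=""),
        ))
    return "<ul>\n" + "\n".join(items) + "\n</ul>"


if __name__ == "__main__":
    print(render_feed(SAMPLE_FEED))
```

Because the parser decodes `&lt;script&gt;` into a literal `<script>` tag, escaping must happen after parsing, on the decoded text, which is what `render_item` does.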

Personal- and enterprise-level security:
Web 2.0 has made the world a global village in the true sense. People can collaborate with each other whenever and wherever they want. All they need is access to the internet. The collaboration among people has increased to such an extent that many people do not think about the risk that comes with sharing sensitive information over social networking websites like Facebook, MySpace and Orkut. Due to the misuse of these websites, many users have had problems with identity theft.

Web 2.0 is being extensively used by companies and enterprises to simplify the communication and collaboration models of their organizations. For enterprises, web 2.0 has brought many benefits including improved business models, product feedback, easy web-based marketing and improved internal and external collaboration. The increased collaboration among employees and the weak implementation of the web 2.0 applications across the enterprise are responsible for data loss and security threats.

Some major steps that can be taken to improve the security of data in web 2.0 applications at enterprise level include:

    * Secure configuration of web servers
    * Use of encrypted data
    * Restricting the use of social networking sites by employees while at work
    * Authenticated connections to data
    * Regular maintenance and audits of internal and external networks
    * Individual systems equipped with up-to-date enterprise-level security software


By having improved security procedures, certified authentications and sensible sharing of information, one can enjoy all the advantages of web 2.0 applications while staying secure.


