Security Response

1 + 1 = 2.0, doesn’t it?

Created: 02 Jan 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:53:52 GMT
Candid Wueest

If I remember my math teacher correctly, then 1 + 1 = 2. Or, 2.0, to be trendy. In terms of the Internet today this could mean: Take one interactive Web solution plus one large user community and that will equal the next generation Web application. In 2006, we have seen many companies employing exactly this formula to create new Web services (some of which are very useful, while others are more for entertainment).

But in arithmetic you have to be sure to understand the variables you calculate with. If, as in this case, you deal with a very large active user group, then the chances of encountering people who don’t play by the rules are high. Therefore, it should come as no surprise that we have seen a rise in Web attacks toward the end of this year, especially considering the number of browser vulnerabilities that were discovered.

Jeremiah Grossman and others compiled a list of the Top 10 Web Hacks of 2006, which is a good overview of what happened in 2006 and gives a good idea of what will probably happen in 2007. On the list, you will find port scanners in JavaScript, methods to illicitly view Web browser histories, and multiple XSS attacks. Also not forgotten are Web worms like the “Samy is my Hero” script that ran wild in MySpace this year. Many people do not take Web attacks seriously enough, but recent incidents have shown that they can be dangerous.

So if you are developing Web services according to the simple formula mentioned above, please keep the security aspect in mind. As some might say, the whole is more than the sum of its parts. In fact, after writing this article I would argue that 1 + 1 > 2, at least when extremely large values of 1 are involved.