20 Oct

Hacking Web 2.0 Applications with Firefox


I recently came across this article (make sure you read this). It came as a surprise to me that most developers, including me, do not consider security issues while developing Web 2.0 applications.

Common issues:
1. SQL injection
- We are all aware of this type of issue, but since the launch of Web 2.0 most developers have focused only on validation and processing on the client side using JavaScript. Most of the server scripts that handle the requests are vulnerable to SQL injection.

2. Use of unencrypted sensitive information such as passwords
- Ajax password validation through URLs like: www.domain.com/validate.php?user=test&pass=mypassword
Anyone can read the page's JavaScript to find such URLs, which process logins or other important functions.

3. Possibility of XSS (cross-site scripting)
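
The first issue above, a server script that relies on validation done only in client-side JavaScript, shown as an added example (not code from this post or the linked article): a handler that concatenates the request value into SQL, beside one that re-validates on the server and binds the value as a parameter. The `orders` table, the function names and the sample rows are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data: orders belonging to two different users.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (owner_id INTEGER, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [(1, "book"), (1, "pen"), (2, "laptop")],
    )
    return db


def orders_vulnerable(db, owner_id):
    # Assumes the browser's JavaScript already checked that owner_id is a
    # number, so the raw request string becomes part of the SQL text.
    query = "SELECT item FROM orders WHERE owner_id = " + owner_id
    return sorted(row[0] for row in db.execute(query))


def orders_hardened(db, owner_id):
    # Server-side validation: the client check is repeated here because a
    # request can be sent without ever running the page's JavaScript.
    if not re.fullmatch(r"[0-9]{1,9}", owner_id):
        raise ValueError("owner_id must be a non-negative integer")
    # Parameter binding: the value is passed separately from the SQL text,
    # so it can never change the structure of the query.
    rows = db.execute(
        "SELECT item FROM orders WHERE owner_id = ?", (int(owner_id),)
    )
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed request value that skips the client check
    print("vulnerable, normal :", orders_vulnerable(db, "1"))
    print("vulnerable, crafted:", orders_vulnerable(db, crafted))
    print("hardened, normal   :", orders_hardened(db, "1"))
    try:
        orders_hardened(db, crafted)
    except ValueError as exc:
        print("hardened, crafted  : rejected:", exc)
```
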
