Like most folks of a security bent (and if you’re reading this, that probably means you), we’ve spent a lot of time watching Web 2.0 with bemusement. Promiscuous sharing of information, client-side Javascript goop, blogging, mini-blogging, micro-blogging, vlogging, social nets and social media have all given the web much of what the starry-eyed latte-chugging idealists of Web 1.0 and the dot-bomb boom were yammering on about ten years ago: a platform for anyone to create content, to connect, to share, and to carve out a little space for themselves and a few million of their closest friends. All of the above, of course, seems to run absolutely orthogonal to everything those of us in InfoSec preach: “Validate all user input. Authenticate and tokenize everything. Sanitize all output. Audit the crap out of anything before it goes live. Limit functionality to core functional requirements. Trust no one.”
- from the paper “Satan is on my Friends List” by Nathan Hamiel & Shawn Moyer
Sep. 8, 2008