By Yoonjung Yoo
September 25th, 2006
One by one, Internet sites and major portals continue to upgrade their
sites to the latest trend, Web 2.0. But according to experts, Web 2.0
has many security vulnerabilities.
On the 18th, Daum Communications (Korea's second largest Internet firm
after NHN) introduced its new AJAX-based homepage with an improved UI
(User Interface) and personalization-oriented services. Once users are
logged in, the newly designed start page makes checking e-mail and
updates from blogs and cafes a breeze, all without having to go to
different pages.
Yahoo! Korea also came out with its latest Web 2.0/AJAX-based homepage
last August 1. The beta version of the homepage, which started earlier,
in May, now offers more personalized service to users.
Also, SK Communications (third behind Daum) recently introduced a new
(Web 2.0) search engine service through its Nate and Cyworld websites.
As the trend indicates, Web 2.0 is moving toward user-based services.
However, most of these Web 2.0 based websites should not forget about
the security vulnerabilities that exist in Web 2.0, according to industry
Myspace.com & Yahoo incidents could be duplicated in Korea too
With more and more websites writing user interactive new programming
techniques
and XML) also provides ways for hackers to hit a Web server and to
exploit sites, attack visitors, and increases the possibility of
malicious attacks through cross-site scripting (XSS) flaws, experts
Worm attacks on the US site myspace.com, a counterpart to the
domestically run Cyworld, and Yamanner, which targeted Yahoo.com, all
reveal security vulnerabilities in Web 2.0.
interactive driven web 2.0 service programs. But we know attacks on
Yahoo and myspace.com surfaced through security flaws in
incidents are an indication of security flaws within Web 2.0 that need
to be addressed. The domestic portals too are vulnerable and there is no
guarantee that they will not get victimized like Yahoo or myspace.com."
to address his concerns.
To defend against these kinds of malicious attacks, security experts
are recommending the use of internet firewalls. Of course, a firewall
alone won't solve all security issues, but trying to rewrite web code
(long hours and higher cost) is just ineffective, especially given the
inability to defend with an existing firewall, IDS or IPS.
Portals agree on need for firewall, but implementation is another matter
The larger portals acknowledge the need to beef up Web 2.0 security
using firewalls, but because of their enormous traffic they are unable
to come up with the required equipment that can handle the job. The
equipment that can digest chatting, cafe blogs and all other contents
simply is not
In addition, with all the traffic generated from the web, there is a
huge cost involved in setting up internet firewall infrastructure.
Defending hundreds of different domains will take huge expense.
"Portals realize the need for firewalls but are unable to embody it
presently. And better managing parameters, prescreening for attacks,
finding weaknesses in source code are all they can do for now. However,
even with all these extra measures, in the end the whole process is
handled by a person so the margin of error always exists."
Knowing the current market situation, SK's Infosec, an information
security outsourcer, and Piolink recently put out 4 gig web firewall
equipment to attract Internet firms in need of better web security.
Head of SK Infosec's business division Sungik Hwang said, "Up to now,
portals were reluctant to purchase the lower level security hardware and
wanted something that can handle more than 4 giga level. To meet the
need we plan to introduce 10 giga level web firewall equipment too."
"We are centering our business on larger portals and e-shopping malls.
In a relatively short period, we should build up a list of clients," the
head of Piolink's marketing division, Jangno Lee, pointed out.