  • http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html
  • Web 2.0 for Libraries 29 April 2010 (c) Karen Blakeman 2008
  • 1. "Technology Trigger": the first phase of a Hype Cycle is the "technology trigger" or breakthrough, product launch or other event that generates significant press and interest.
    2. "Peak of Inflated Expectations": in the next phase, a frenzy of publicity typically generates over-enthusiasm and unrealistic expectations. There may be some successful applications of a technology, but there are typically more failures.
    3. "Trough of Disillusionment": technologies enter the "trough of disillusionment" because they fail to meet expectations and quickly become unfashionable. Consequently, the press usually abandons the topic and the technology.
    4. "Slope of Enlightenment": although the press may have stopped covering the technology, some businesses continue through the "slope of enlightenment" and experiment to understand the benefits and practical application of the technology.
    5. "Plateau of Productivity": a technology reaches the "plateau of productivity" as the benefits of it become widely demonstrated and accepted. The technology becomes increasingly stable and evolves in second and third generations. The final height of the plateau varies according to whether the technology is broadly applicable or benefits only a niche market.
  • “Ajax” is an acronym which stands for Asynchronous Javascript and XML. Knowing what the letters stand for probably doesn’t make it any clearer, so let’s look at a graphic to see what this is all about. In the typical web application, each time you click on a link, your browser contacts a server, which sends back a whole new page. When you click on the next link, this round trip happens again, refreshing the page every time. That is what Ajax is trying to fix. An Ajax application starts off the same way, when it brings in the initial page. But after that, Javascript on the page makes background calls back to the server, and uses that new data to update only a portion of the page. The delay is much less noticeable, and therefore the application feels more responsive. Ajax, by its very nature, requires discrete services that are well-tuned to the needs of the web page, so you can minimize processing on the client side. These might not be the services you happen to have, though. It may drive requirements for new services from your IT department.
  • Billy Hoffman runs HP Security Labs, author of Ajax Security (Addison-Wesley)
  • Reference - http://www.forbes.com/2008/05/14/web-hacking-google-tech-security08-cx_ag_0514webhack.html

Transcript

  • 1. A General Introduction to Web 2.0 Technologies and Applications. Presented by: Prof Mark Baker, ACET, University of Reading. Tel: +44 118 378 8615. E-mail: Mark.Baker@computer.org. Web: http://acet.rdg.ac.uk/~mab [email_address] March 23, 09
  • 2. A General Thanks
    • Firstly, I would like to say a big THANK YOU to all the speakers that I have harassed over the last couple of months to participate in this workshop.
    • The event has talks on:
      • Web 2.0 technologies,
      • Clouds,
      • User/Usability,
      • Application,
      • Tutorials, which should help start people in some of these technology areas.
  • 3. Outline
    • General Introduction,
    • What is Web 2.0?
    • Gartner Hype Curve …
    • Web 2.0 Technologies:
      • Wikis, Blogs, RSS, Tagging,
      • Social networking,
      • Flickr, Slideshare, YouTube,
      • Twitter, REST, AJAX,
      • iGoogle, google gadgets,
      • Web Semantics, Twine,
      • Security concerns,
    • Summary/Conclusions.
  • 4. General Introduction
    • Various technologies seem to appear in waves, some are taken up and are successful, and others die out quickly.
    • I have been working in the parallel, distributed computing and HPC arena for 20+ years.
      • Seen lots of interesting technologies come and go!
        • CORBA, Jini … etc…
      • Spent a lot of time working on grid technologies and e-Science.
    • However, the Web 2.0 area seems to have been one of those domains of interest that has taken off like a rocket!
    • Hence the keen interest in this workshop, and the Edinburgh eSI theme that is exploring “The Influence and Impact of Web 2.0 on e-Research Infrastructure, Applications and Users”…
  • 5. General Introduction
    • It would be easy to ask questions as to why we want to explore this area … but these are some reasons!
  • 6. What is Web 2.0?
    • Tim O'Reilly first coined the term back in 2004.
      • The term became more significant after the O'Reilly Media Web 2.0 conference in 2004.
    • Tim O'Reilly said that “Web 2.0 is the business revolution in the computer industry caused by the move to the Internet as a platform, and an attempt to understand the rules for success on that new platform”…
    • Many of us back in those days really wondered exactly what Web 2.0 was…!?
      • At that stage we thought the Web 2.0 stack was fairly empty… but since those days the extent to which people collaborate and communicate, and the range of tools and technologies, have rapidly changed.
  • 7. What is Web 2.0?
    • Another, more compact, description from Tim O'Reilly…
      • Web 2.0 is the network as platform, spanning all connected devices;
      • Web 2.0 applications are those that make the most of the intrinsic advantages of that platform:
        • Delivering software as a continually-updated service that gets better the more people use it,
        • Consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others,
        • Creating network effects through an "architecture of participation," and going beyond the page metaphor of Web 1.0 to deliver rich user experiences.
  • 8. Web 2.0
    • Web 2.0 has many aspects:
      • Business Models that survived and have promise for the future.
      • Approaches such as services instead of products, the Web as a platform, ...
      • Concepts such as folksonomies, syndication, participation, reputation, ....
      • Technologies such as AJAX, REST, Tags, Microformats, ...
      • And many others ...
  • 9. What is Web 2.0 ?
    • A concept not a product.
    • A way of thinking.
    • A way of working – collaborative and social.
    • About:
      • Sharing information with others,
      • Information coming to you,
      • Deciding how you receive and view the information.
    • All sorts of technologies but….
    • Examples:
      • Blogs, RSS, Wikis, social bookmarking (e.g. Furl, Del.icio.us, Connotea), Flickr, Facebook, MySpace, web based forums, email discussion lists, YouTube, Second Life…
  • 10. Gartner Hype Curve (diagram slide)
  • 11. Gartner's 10 strategic technologies for 2009
    • The "potential for significant impact on the enterprise in the next three years":
      • Virtualization,
      • Cloud computing,
      • Servers (beyond blades),
      • Web oriented architectures,
      • Enterprise mashups,
      • Specialised systems,
      • Social software / networking,
      • Unified communications,
      • Business intelligence,
      • Green IT.
  • 12. Web 2.0
    • Web 1.0 → Web 2.0
    • DoubleClick → Google AdSense
    • Ofoto → Flickr
    • Akamai → BitTorrent
    • mp3.com → Napster
    • Britannica Online → Wikipedia
    • personal web sites → Blogging
    • Evite → Upcoming.org and Events and Venues Database
    • Domain name speculation → Search engine optimisation
    • Page views → Cost per click
    • Screen scraping → Web Services
    • Publishing → Participation
    • Content management systems → Wikis
    • Directories (taxonomy) → Tagging ("folksonomy")
    • Stickiness → Syndication
    • From Tim O’Reilly’s “What is Web 2.0” on O’ReillyNet, 9/30/2005:
    • http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html?page=1
  • 13. Wikis
    • wiki-wiki – Hawaiian meaning quick.
    • First wiki was the WikiWikiWeb, Ward Cunningham 1995.
    • A collaborative web application that allows users to easily add and edit content.
    • Can be used for:
      • Developing documentation,
      • Project management:
        • History keeps a record of the changes and different versions of the documents.
      • Developing a conference programme.
    • Encourages collaboration.
    • Many have blog like discussion areas and RSS feeds.
  • 14. Wikis
    • Relatively standardised format and layout: “Makes our contributors concentrate on content rather than wasting time on pretty layouts”.
    • Default in most Wikis will let anyone create and edit a page:
      • Need to protect Admin functions and limit creation, edit and access rights,
      • Can “lock” individual pages or sections,
      • Can require registration to set up new pages or edit existing ones.
  • 15. Wikipedia (screenshot; callout: Option to edit the page)
  • 16. Wikipedia (2) (screenshot; callout: No edit option)
  • 17. Wikipedia - history (screenshot; callouts: Date of edits, Author/editor)
  • 18. What are wikis used for in real life?
    • Wikis for training materials and conference organising:
      • NeSC/eSI do this.
    • Wikis for compiling subject guides.
      • We create manuals/user-guides in our private Wiki, then have some PHP that lets us expose the content to the public.
    • Using a Wiki on an Intranet for internal purposes.
  • 19. Blogs
    • What is a Blog?
      • Short for web log,
      • Content management system that publishes information chronologically,
      • Content can range from self-indulgent drivel to extreme depth,
      • Easy to use and publish from anywhere, therefore there is a high proportion of utter rubbish in the “blogosphere”,
      • Blogs automatically generate RSS feeds.
  • 20. Anatomy of a Blog (2) (screenshot; callouts: Archives, List of recent posts, Tags, Blogroll of related blogs)
  • 21. Applications of Blogs
    • Instead of, or in addition to, a printed, emailed or static web-based newsletter:
      • Current awareness for staff, users, researchers and clients - “What’s new”,
      • Publicising new services/products, encourage feedback via comments.
    • Marketing tool inside and outside of the organisation.
    • Recording professional development and reflective practice plus project development and discussions.
    • Comments or “suggestions” box.
    • Monitor blogs for information and competitor intelligence.
    • Alternative publishing medium.
  • 22. Blogs as sources of information
    • Blogs by industry gurus and experts are a good way of keeping up to date with what is happening in a particular sector.
    • Look for the Blogroll or List of Links on a relevant blog.
    • Google Blogsearch http://www.google.com/blogsearch
      • Use advanced search to search within an individual blog.
    • Ask http://www.ask.com/ – Blogs and feeds.
    • Live Feeds search - http://search.live.com/feeds.
    • Blog search engines and directories:
      • http://www.technorati.com/
      • http://www.blogpulse.com/
      • http://www.quacktrack.com/
  • 23. What is RSS?
    • Stands for Really Simple Syndication, or Rich Site Summary or RDF site summary.
      • Depends on version:
        • Rich Site Summary (RSS 0.9x),
        • RDF Site Summary (RSS 0.9 and 1.0),
        • Really Simple Syndication (RSS 2.x).
      • Also ATOM (Google).
      • Written in XML.
      • Look for the orange logos.
    • A means of delivering headlines, alerts, tables of contents.
    • Regarded as the de facto standard.
  • 24. Why is RSS not that popular? You need a feed “reader”…
  • 25. http://www.google.com/reader …like Google Reader
  • 26. RSS instead of email
    • Reduces the overload in your email inbox.
    • By-passes spam filters.
    • Quicker and easier to scan and spot individual headlines within an alert or newsletter and decide what is relevant.
    • Can set up filters to pick up stories that mention specific products, companies...
    • You control when you receive and read the feeds.
    • Easier to “unsubscribe”.
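As an added illustration of the feed formats listed on slide 23 and the keyword filtering mentioned on slide 26, the following Python reads items from an RSS 2.0 feed and an Atom feed and filters them by keyword. It is example code written for this page, not code from the presentation; the two feeds, their URLs and the keyword are constructed sample data.

```python
import xml.etree.ElementTree as ET

ATOM_NS = "{http://www.w3.org/2005/Atom}"

# Constructed sample feeds for the demo; not real feeds and not from the slides.
RSS_SAMPLE = """<rss version="2.0">
  <channel>
    <title>Example News</title>
    <item>
      <title>Grid middleware release</title>
      <link>http://example.org/news/1</link>
      <description>New Tycho build available</description>
    </item>
    <item>
      <title>Workshop announced</title>
      <link>http://example.org/news/2</link>
      <description>Web 2.0 for e-Research, Reading</description>
    </item>
  </channel>
</rss>"""

ATOM_SAMPLE = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Example Atom feed</title>
  <entry>
    <title>Tycho messaging update</title>
    <link href="http://example.org/atom/a"/>
    <summary>Virtual Registry changes</summary>
  </entry>
</feed>"""


def _text(element, tag):
    """Text of a child element, or '' when the child is absent."""
    child = element.find(tag)
    return (child.text or "").strip() if child is not None else ""


def parse_feed(xml_text):
    """Return a list of {'title', 'link', 'summary'} dicts from RSS 2.0 or Atom text."""
    root = ET.fromstring(xml_text)
    items = []
    if root.tag == "rss":
        # RSS 2.0: <rss><channel><item>...</item></channel></rss>, no namespace
        for item in root.findall("./channel/item"):
            items.append({"title": _text(item, "title"),
                          "link": _text(item, "link"),
                          "summary": _text(item, "description")})
    elif root.tag == ATOM_NS + "feed":
        # Atom: every element lives in the Atom namespace; the link is an attribute
        for entry in root.findall(ATOM_NS + "entry"):
            link = entry.find(ATOM_NS + "link")
            items.append({"title": _text(entry, ATOM_NS + "title"),
                          "link": link.get("href", "") if link is not None else "",
                          "summary": _text(entry, ATOM_NS + "summary")})
    else:
        raise ValueError("unsupported feed root element: " + root.tag)
    return items


def filter_items(items, keywords):
    """Keep items whose title or summary mentions any keyword (case-insensitive)."""
    wanted = [k.lower() for k in keywords]
    return [i for i in items
            if any(k in (i["title"] + " " + i["summary"]).lower() for k in wanted)]


if __name__ == "__main__":
    everything = parse_feed(RSS_SAMPLE) + parse_feed(ATOM_SAMPLE)
    for hit in filter_items(everything, ["tycho"]):
        print(hit["title"], "->", hit["link"])
```

Feed text comes from a remote publisher, so the titles, links and summaries returned here are untrusted input: HTML-encode them before rendering in a reader page, and check that a link is an http or https URL before presenting it as clickable.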
  • 27. Tagging on Del.icio.us (image slide)
  • 28. Some Common Uses for Del.icio.us
    • Storing bookmarks online so they can be accessed from the Internet.
    • Consolidating bookmark collections to eliminate the confusion of attempting to locate bookmarks stored on multiple computers.
    • Personal interests – shopping, vacations, hobbies, and so on.
    • Academic Pursuits – keeping track of online source materials in one location.
    • Sharing – Bookmarks via the public.
    • Expertise Mining – all bookmarks on del.icio.us have been chosen by a human being.
      • Exploring the results of their previous searches is a great labour saver.
  • 29. (image slide, no text)
  • 30. Facebook Facts
    • Not just for College students anymore.
    • Anyone with a valid e-mail address can join…
    • Over 175 million active users (users who have returned to the site in the last 30 days).
    • Company has 700+ employees.
    • More than half of Facebook users are outside of college with the fastest growing demographic being those 30 years old and older.
    • Average user has 120 friends on the site.
    • More than 3 billion minutes are spent on Facebook each day (worldwide).
    • http://www.facebook.com/press/info.php?factsheet (Feb/09)
  • 31. Facebook (image slide)
  • 32. (image slide, no text)
  • 33. Flickr
    • http://www.flickr.com/
    • Owned by Yahoo!
    • Share photos with selected individuals or make public.
    • Put photos of your library’s or organisation’s events on Flickr:
      • Promote your department, information centre, organisation,
      • Direct journalists to your “album” when they ask for photos to accompany articles about you,
      • Make sure you tag and describe them,
      • Organise into sets,
      • Decide on copyright and Creative Commons licenses.
  • 34. Flickr (image slide)
  • 35. Slideshare
    • Share presentations.
    • Include an accompanying commentary.
    • Keep private, share with selected people, or make public.
    • Slideshare does not keep animations and embedded links.
    • Slideshare - http://www.slideshare.net/
    • Embed Slideshare in your blog, web site, Facebook profile, start page…
  • 36. Slideshare (image slide)
  • 37. YouTube
    • http://www.youtube.com/
    • Owned by Google.
    • Videos of varying content and quality:
      • News broadcasts,
      • Various videos and corporate broadcasts,
      • PR, advertising campaigns,
      • Videos of events, new service launches, anything,
      • The Queen has a YouTube channel!
        • http://www.youtube.com/user/TheRoyalChannel
    • Embed YouTube videos in your Blog, Facebook page, start page, web site etc.
  • 38. Twitter
    • http://www.twitter.com/
    • Microblogging:
      • “tweets” are 140 characters,
      • What are you doing?
      • “follow” friends,
      • Lots of plugins for your browser and desktop e.g. TwitKit,
      • Send first 140 characters of your blog postings to Twitter using http://twitterfeed.com,
      • Add Twitter to your Facebook profile.
    • Search for friends and colleagues, and topics:
      • Twitterment, Tweet Scan etc.
    • Analyse a person’s tweets with Tweet Clouds:
      • http://www.tweetclouds.com/
  • 39. Twitter (image slide)
  • 40. Who is on Twitter? (image slide; examples shown: The BBC, The Times, 10 Downing Street)
  • 41. Conference Twitter Streams
    • “Blogging conferences is so 20th century!”
      • Twitterers/tweeters abound at conferences,
      • The INSOURCE Conference Twitter Experiment http://www.rba.co.uk/wordpress/2008/02/11/the-insource-conference-twitter-experiment/,
      • Can set up a Twitter event stream,
      • Delegates, conference chairs, moderators can all comment on and monitor the proceedings,
      • Send tweets to your blog using LoudTwitter:
        • Generates a chronological list of your tweets by day and with the oldest listed first,
        • Easier to read as a record of the event.
  • 42. Second Life (image slide)
  • 43. What next?
    • Play and experiment.
    • You do not have to try everything.
    • Focus on what you think will make your work easier, more productive, more effective.
    • If it does not work or it takes longer to carry out a task without significant benefits, ditch it!
    • There is no law that says you have to use something just because it has a Web 2.0 tag.
  • 44. What is AJAX?
    • AJAX is the acronym for Asynchronous JavaScript and XML.
    • The purpose is to create more dynamic and responsive web pages.
    • It is also about building web clients in a Service Oriented Architecture that can connect to any kind of server: J2EE, PHP, ASP.Net, Ruby on Rails, etc.
    • AJAX involves existing technology and standards:
      • JavaScript and XML
    • Pattern: Page view displayed in a web browser where it retrieves data or mark-up fragments from a service and refreshes just a part of the page.
  • 45. What is AJAX?
    • AJAX is non-trivial, it requires deep and broad skills in web development .... but the benefits to be gained can be huge compared to classic web applications.
    • AJAX enables major improvements in responsiveness and performance of web applications, e.g. used at Yahoo! Mail, Google Maps, live.com, and others.
    • AJAX is NOT hype – it is very real and very useful for highly interactive applications.
  • 46. AJAX compared to classic Web UIs (diagram; labels: Browser, Server for the classic model; Browser, Server, service for AJAX). In the typical web application, each request causes a complete refresh of the browser page. An Ajax application begins the same way. After the initial page loads, Javascript code retrieves additional data in the background and updates only specific sections of the page.
  • 47. What is REST?
    • REST is the acronym for “Representational State Transfer” – an architectural model for the Web!
    • Principles of REST:
      • Resource centric approach,
      • All relevant resources are addressable via URIs,
      • Uniform access via HTTP – GET, POST, PUT, DELETE,
      • Content type negotiation allows retrieving alternative representations from the same URI.
    • REST style services:
      • Easy to access from code running in web browsers, any other client or servers - popular in the context of AJAX,
      • Takes advantage of the Web caching infrastructure,
      • Can serve multiple representations of the same resource.
    • See - http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
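The principles on slide 47 (addressable resources, a uniform set of HTTP methods, alternative representations negotiated from the same URI) as a small worked example in Python. This is added example code, not part of the presentation or of any project it mentions; the /items/<id> resource, the in-memory store and the `handle`, `negotiate` and `represent` functions are assumptions made for the demonstration.

```python
import json

# Constructed in-memory resource store: id -> representation-independent data.
# Assumption for the demo; the slides describe no specific REST service.
ITEMS = {1: {"name": "Tycho mediator", "status": "running"}}

OFFERED = ["application/json", "text/plain"]   # representations we can serve


def negotiate(accept, offered=OFFERED):
    """Pick the first offered media type the Accept header permits.
    Handles a comma-separated list with '*/*' and 'type/*' wildcards;
    q-values are ignored for brevity. Returns None if nothing matches."""
    for part in (accept or "*/*").split(","):
        media = part.split(";")[0].strip().lower()
        for candidate in offered:
            major = candidate.split("/")[0]
            if media in (candidate, "*/*", major + "/*"):
                return candidate
    return None


def represent(item, content_type):
    """Serialise the same resource as the negotiated representation."""
    if content_type == "application/json":
        return json.dumps(item)
    return "\n".join(f"{key}: {value}" for key, value in item.items())


def handle(method, path, accept="*/*", body=None, store=None):
    """Dispatch one request to /items/<id> and return (status, content_type, body)."""
    store = ITEMS if store is None else store
    parts = path.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "items" or not parts[1].isdigit():
        return 404, "text/plain", "not found"
    item_id = int(parts[1])

    if method == "GET":
        if item_id not in store:
            return 404, "text/plain", "not found"
        content_type = negotiate(accept)
        if content_type is None:
            return 406, "text/plain", "not acceptable"
        return 200, content_type, represent(store[item_id], content_type)

    if method == "PUT":
        # PUT replaces the whole resource; the body must be a JSON object.
        try:
            data = json.loads(body or "")
        except ValueError:
            data = None
        if not isinstance(data, dict):
            return 400, "text/plain", "bad request"
        created = item_id not in store
        store[item_id] = data
        return (201 if created else 200), "application/json", json.dumps(data)

    if method == "DELETE":
        if item_id not in store:
            return 404, "text/plain", "not found"
        del store[item_id]
        return 204, "text/plain", ""

    return 405, "text/plain", "method not allowed"


if __name__ == "__main__":
    print(handle("GET", "/items/1", "application/json"))
    print(handle("GET", "/items/1", "text/plain"))
    print(handle("GET", "/items/1", "image/png"))
```

The same URI yields JSON or plain text depending on the Accept header, and an unsupported type gets 406 rather than a guess. A production service would apply the authentication and authorisation checks that slide 63 calls for at the top of `handle`, before the method branches, so that the service is protected on its own and not only via the page that calls it.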
  • 48. Tycho: A Resource Discovery Framework and Messaging System for Distributed Applications. http://acet.rdg.ac.uk/projects/tycho/
  • 49. Tycho Architecture
    • Tycho consists of the following components:
      • Mediators that allow producers and consumers to discover each other and establish remote communications,
      • Consumers that typically subscribe to receive information or events from producers,
      • Producers that gather and publish information for consumers.
    • There is an asynchronous messaging API.
    • In Tycho, producers and/or consumers (clients) can publish their existence in a Virtual Registry (VR).
  • 50. Tycho Design
    • Tycho is based on a publish, subscribe and bind paradigm.
    • Design Philosophy:
      • We believed that the system should have an architecture similar to the Internet, where every node provides reliable core services, and the complexity is kept, as far as possible, to the edges:
        • The core services can be kept to the minimum, and endpoints can provide higher-level and more sophisticated services, that may fail, but will not cause the overall system to crash.
      • We have kept Tycho’s core small, simple and efficient, so that it has a minimal memory footprint, is easy to install, and is capable of providing robust and reliable services.
      • More sophisticated services can then be built on this core and are provided via libraries and tools to applications.
    • Allows Tycho to be flexible and extensible so that it will be possible to incorporate additional features and functionality.
  • 51. iGoogle (image slide)
  • 52. iGoogle
    • The iGoogle portal is a free Google service,
    • Is a customisable web portal,
    • Users can add “Gadgets” to the page,
    • Customisations are saved to the user’s account and retrieved when logging in again.
  • 53. Google Gadgets (image slide)
  • 54. Google Gadgets
    • Gadgets are small user interface components:
      • Could also be called portlets or widgets.
    • Example: eBay Search Plus Gadget.
  • 55. Gadgets are Dynamic Web Applications
    • Gadgets can be static, but then are of limited use.
    • Dynamic Gadgets are more common.
    • Three general approaches when making a dynamic gadget:
      • Time dynamic – the content changes over time, e.g. a news gadget,
      • User input dynamic – the content changes via a user interacting with the gadget (forms and links),
      • User preference dynamic – the user sets preferences that persist across user sessions (e.g. eBay).
    • Gadgets need not include a page header/footer; they focus on the specific application they surface.
  • 56. Gadgets are NOT hosted by Google
    • Google Gadgets can be created by anyone.
    • Gadget must be deployed on a public web server.
    • Once deployed, anyone can use the Gadget.
    • iGoogle supports a Gadget library to help users find Gadgets they may want to use.
  • 57. Google Gadgets are Web Pages
    • Google Gadgets are implemented behind public URLs.
    • Any public server that speaks HTTP and returns HTML can be a Gadget host:
      • Apache web server,
      • PHP,
      • Ruby on Rails,
      • ASP .NET,
      • Java Application Servers (Servlet Containers).
    • Important: Your web server must be exposed to the Internet!
  • 58. Approaches to Web Semantics
    • Tagging,
    • Statistics,
    • Linguistics,
    • Semantic Web:
      • RDF – Store data as “triples”,
      • OWL – Define systems of concepts called “ontologies”,
      • Sparql – Query data in RDF,
      • SWRL – Define rules,
      • GRDDL – Transform data to RDF.
    • Artificial Intelligence.
  • 59. A Mainstream Application of the Semantic Web… (image slide)
  • 60. What is Twine?
    • Twine is a new service for managing and sharing information on the Web.
    • Works for content, knowledge, data, or any other kinds of information.
    • Designed for individuals and groups that need a better way to organise, search, share and keep track of their information.
  • 61. How Twine Works
    • Collect or author structured or unstructured information into Twine via email, the Web or the desktop.
    • Twine creates a knowledge web automatically:
      • Understands, tags and links information automatically,
      • Automatically does further research for you on the Web,
      • Organises information automatically.
    • Provides semantic search, discovery and interest tracking.
    • Helps you connect with other people and groups to grow and share knowledge webs around common interests.
  • 62. Security Issues
    • The Web Browser is now the Web 2.0 platform.
    • It needs cross application features with a solid security model.
      • For example - currently, one area that has not been solved in Web 2.0 is that the browser does not sandbox the various Web 2.0 components that you may need to use.
      • So for example if you are using mashups from various sources (google/amazon/yahoo) within the browser the JS from one component can interact with the JS of another component, play with your cookies and probably screw other browser hosted components!
    • Google search - Web 2.0 security issues - gave MANY hits!
    • Many areas of Web 2.0 have open security issues; probably AJAX is one of the biggest!
  • 63. Security
    • AJAX is a hacker's dream come true.
    • It offers an increased attack surface,
      • Direct API access,
      • Vulnerability to reverse engineering,
      • Susceptibility to amplifying Web attacks,
      • Vulnerability to offline attacks.
    • In general, if you want to secure AJAX applications you must do six things:
      • Perform authentication/authorisation checks on both Web pages and Web services,
      • Group code libraries by function,
      • Validate all input for your application, including HTTP headers, cookies, query string and POST data,
      • Verify data type, length and format,
      • Always use parameterised queries,
      • Always encode output appropriately.
    Source: Billy Hoffman runs HP Security Labs, author of Ajax Security (Addison-Wesley)
  • 64. Firebug - Great Debugging/Hacking Tool (image slide)
  • 65. SQL Injection
    • SQL injection plays on a simple problem:
      • A Web page's input fields often fail to distinguish between innocent user data - information like names or dates - and malicious commands,
      • When a hacker's hidden instructions are entered into a Web site's input forms, the site may confuse them with user data and pull the commands into its SQL database, where they can become integrated into the database's code,
      • That lets the hacker access the site's data or add commands to the page so as to infect a visitor with malicious software,
      • A survey of major Web sites by the Web security firm White Hat Security found that 16% of sites were vulnerable to this tactic.
  • 66. Cross-Site Scripting
    • About 65% of the major sites surveyed by security analysts White Hat Security are vulnerable to an attack called cross-site scripting , which allows a disturbing upgrade to phishing attacks.
    • The typical phisher e-mails users a link that brings them to a fraudulent site, conning them into sharing credit card information or other sensitive data.
    • In a cross-site scripting attack, the link instead folds hidden command into a destination site's code.
    • That means even a legitimate page can be secretly tweaked so that when a user enters bank codes or other sensitive information, the data ends up in the hands of the phisher.
    • The threat of cross-site scripting is yet another reason to watch out for links in unfamiliar e-mails.
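To tie slide 63's checklist to the two attacks described on slides 65 and 66, here is an added Python example (not code from the presentation) of a background lookup service that validates its input, uses a parameterised query and encodes its output. The users table, its rows and the function names are constructed for the demonstration; `lookup_user_unsafe` is deliberately written the vulnerable way so the difference is visible.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed sample database for the demo (the slides name no real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return conn


def lookup_user_unsafe(conn, name):
    """VULNERABLE, shown only for contrast: the user's text is pasted into the SQL,
    so a name containing a quote and an OR clause changes the query itself
    instead of being compared as a value."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, name):
    """Parameterised query: the driver binds the value separately from the SQL text,
    so whatever was typed can only ever be compared, never executed."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


# Data type, length and format check applied before the value reaches the database.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_name(name):
    return isinstance(name, str) and NAME_RE.fullmatch(name) is not None


def render_result(rows):
    """Encode output for the HTML context: stored data that looks like markup or
    script is shown literally, which closes the stored cross-site scripting path."""
    parts = [f"<li>{html.escape(name)} ({html.escape(email)})</li>" for name, email in rows]
    return "<ul>" + "".join(parts) + "</ul>"


def handle_lookup(conn, query_name):
    """The background (AJAX) service endpoint: returns (status, html_fragment)
    for a ?name= lookup. Validate, query with parameters, encode the output."""
    if not validate_name(query_name):
        return 400, "<p>invalid name</p>"
    return 200, render_result(lookup_user_safe(conn, query_name))


if __name__ == "__main__":
    db = make_db()
    print(handle_lookup(db, "alice"))
    print(handle_lookup(db, "not a valid name!"))
```

The two lookup functions receive the same text. In the unsafe one a name that contains a quote and an OR clause becomes part of the SQL and returns every row; in the safe one the driver binds it as a value and it matches nobody. Encoding at output time, rather than stripping at input time, also covers data that was already in the table.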
  • 67. Cross-Site Request Forgery
    • Cross-site request forgery, sometimes known as "sidejacking", takes advantage of a vulnerability that is common to password-protected Web pages.
    • When a user logs in to a private site their identity is marked with a "cookie" - a temporary file downloaded to a user's browser.
    • But if that user can be tricked into visiting a malicious site, while still logged in to that password-protected page, the second site can secretly steal his or her cookies, and with them, the user's access to the first site's private information.
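An added Python illustration (not from the presentation) of the standard defence against the cross-site request forgery scenario above: a per-session token carried in the form, which the browser does not attach automatically, checked alongside the cookie that it does; plus a cookie attribute that stops the browser sending the cookie on cross-site requests. The session store, the transfer endpoint and the function names are constructed for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory session store for the demo: session id -> session data.
SESSIONS = {}


def start_session(user):
    """Log a user in: issue a session id (sent back as a cookie) plus a per-session
    CSRF token that the site embeds in its own forms and that no cookie carries."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """The token the genuine page puts in a hidden form field."""
    return SESSIONS[sid]["csrf"]


def session_cookie(sid):
    """Set-Cookie value: HttpOnly keeps page script away from the cookie, Secure keeps it
    off plaintext connections, SameSite=Strict stops the browser attaching it to
    requests that another site initiated."""
    return f"sid={sid}; HttpOnly; Secure; SameSite=Strict"


def handle_transfer(cookies, form):
    """State-changing request. The browser attaches the cookie automatically, so the
    cookie alone does not prove the request came from our page; the form must also
    carry the token, which a page on another origin cannot read."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    # compare_digest keeps the comparison time independent of where the first mismatch is
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {form.get('amount')} for {session['user']}"


if __name__ == "__main__":
    sid = start_session("alice")
    token = csrf_token_for(sid)
    print(session_cookie(sid))
    print(handle_transfer({"sid": sid}, {"csrf_token": token, "amount": "10"}))
    print(handle_transfer({"sid": sid}, {"amount": "10"}))   # cookie present, token absent
```

Because the cookie is sent with every request to the site, a forged request from another page arrives with a valid session; what it cannot carry is the token, which only the genuine page received. SameSite=Strict is defence in depth: browsers that honour it do not send the cookie on the cross-site request at all.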
  • 68. Google Hacking
    • About two out of every three Web searches starts at Google.
    • So, it seems, do many attacks on Web sites.
    • "Google hacking" uses the search engine to probe the entire Web for sensitive information or hackable vulnerabilities in code.
    • Just by entering the right search string, for instance, hackers are sometimes able to find repositories of credit card information or social security numbers stored on the Web.
    • Recently, an attack seeming to originate in China used Google to probe the Web for sites vulnerable to a certain strain of SQL injection, targeting more than half a million pages and infecting them with malicious software.
  • 69. Forced Browsing
    • In some cases, "hacking" a Web site is as simple as changing a single digit in a Web address.
    • By shifting the characters in a page's address that refers to a name or date, a malicious user can sometimes gain access to pages they are not intended to see, a process security professionals call "forced browsing.”
    • In 2006, Phil Angelides, a Democratic contender in the California gubernatorial campaign, was accused of hacking rival Arnold Schwarzenegger's Web site and obtaining a confidential audio file.
    • But a source close to the Democratic campaign told News.com that Angelides' aides had merely tampered with a URL to find the file.
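The forced-browsing slide above describes changing a digit in a URL; the control that stops it is an authorisation check on every object id, not a harder-to-guess URL. The following Python is an added example (not code from the presentation) showing the check together with a simple detection rule over the access log; the document store, the users and the threshold are constructed for the demonstration.

```python
from collections import Counter

# Constructed document store for the demo: id -> owner and content.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "draft press release"},
    1002: {"owner": "bob", "body": "private audio transcript"},
}

AUDIT = []   # (user, doc_id, outcome) records: the raw material for detection


def fetch_document_by_url_only(doc_id):
    """What forced browsing exploits: the only 'protection' is that the id sits in the
    URL, so changing a digit returns someone else's document."""
    doc = DOCUMENTS.get(doc_id)
    return None if doc is None else doc["body"]


def fetch_document(session_user, doc_id, audit=AUDIT):
    """Authorise every object access against the logged-in user, regardless of how
    the id was obtained. Missing and forbidden get the same answer, so the response
    does not confirm which ids exist."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != session_user:
        audit.append((session_user, doc_id, "denied"))
        return None
    audit.append((session_user, doc_id, "ok"))
    return doc["body"]


def users_probing_ids(audit, threshold=3):
    """Detection: a user who collects many denials is walking the id space."""
    denied = Counter(user for user, _, outcome in audit if outcome == "denied")
    return sorted(user for user, count in denied.items() if count >= threshold)


if __name__ == "__main__":
    for doc_id in (1001, 1002, 1003, 1004):
        print(doc_id, fetch_document("alice", doc_id))
    print("probing:", users_probing_ids(AUDIT))
```

Returning the same answer for a missing id and for someone else's id means the response does not confirm which ids exist. The audit records then make enumeration visible: one user collecting many denials across consecutive ids is the pattern to alert on.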
  • 70. Timing Attacks
    • As much as Web sites try to hide their inner workings from hackers, some pages reveal information in signs as subtle as how quickly they load.
    • Security researchers have shown that software that guesses random usernames on a Web application's login page sometimes reveals which usernames are valid even without a password - that is because a valid username causes the site to pause for a slightly shorter time than an incorrect username would.
    • In some cases, spammers can use that simple trick to collect thousands of valid e-mail addresses, which they then target!
    • In a 2005 issue of the hacker magazine 2600, another researcher revealed how to use timing analysis to determine the dealer's hand in an online blackjack gambling site.
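An added Python example (not from the presentation) of the username timing leak described above and of the fix: do the same password-hashing work whether or not the username exists, compare the result in constant time, and return one generic outcome. The user table, the passwords and the decoy record are constructed for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # PBKDF2 work factor; deliberately slow, which is what makes the leak measurable


def make_user_record(password):
    """Salted PBKDF2-HMAC-SHA256 record for one user."""
    salt = os.urandom(16)
    return {"salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)}


# Constructed user table for the demo.
USERS = {"alice": make_user_record("correct horse battery staple")}

# Decoy record: unknown usernames are checked against this so the same work is done.
_DECOY = make_user_record(os.urandom(16).hex())


def verify_login_leaky(users, username, password):
    """Leaks which usernames exist: unknown users return before any hashing is done,
    so their responses come back measurably faster."""
    record = users.get(username)
    if record is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
    return digest == record["hash"]


def verify_login(users, username, password):
    """Same amount of work whether or not the username exists, and a comparison whose
    duration does not depend on how many leading bytes match."""
    record = users.get(username)
    known = record is not None
    target = record if known else _DECOY
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), target["salt"], ITERATIONS)
    matched = hmac.compare_digest(digest, target["hash"])
    return matched and known   # one generic outcome for 'no such user' and 'wrong password'


if __name__ == "__main__":
    import time
    for fn in (verify_login_leaky, verify_login):
        for user in ("alice", "mallory"):
            start = time.perf_counter()
            fn(USERS, user, "not the password")
            print(f"{fn.__name__}({user!r}): {time.perf_counter() - start:.4f}s")
```

Run the module directly and the timings printed show the problem: with the leaky version an unknown user returns in microseconds while a known one pays the full PBKDF2 cost. The hardened version spends that cost on every attempt, and the boolean it returns is identical for 'no such user' and 'wrong password'.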
  • 71. Captcha Breaking
    • One major challenge for security professionals is distinguishing humans from software "bots" on the Web.
    • In a webmail service, for instance, users are shown a "captcha," a distorted word or image, and asked to identify the text or picture.
    • The goal is to foil software designed to sign up for accounts for the purpose of churning out spam.
    • But in some cases, spammers have beaten the countermeasure by creating sites that enlist users to solve captchas by the hundreds in exchange for pornographic images.
    • Google's Gmail captcha was the latest victim of cybercriminals.
    • Because the site offers an audio function that reads captchas aloud for blind users, hackers were able to use speech-to-text software to defeat the test automatically.
  • 72. Distributed Denial Of Service
    • Sometimes a hacker's goal is not to steal information or infect users with malicious software but rather to shut down a site altogether.
    • In those cases, cyber-criminals often employ distributed denial of service attacks (DDOS), a technique that floods a Web server with requests for information and overwhelms it.
    • Using botnets (armies of unsuspecting computers hijacked with invisible software), cyber-criminals can vastly multiply the size of their attacks and also mask their origins.
  • 73. Conclusions
    • More and more people are using Web 2.0 technologies – the other speakers within this workshop will present and show how these technologies and ideas are helping their research.
    • Some people like the ideas related to Web 2.0, others feel they are not good!
    • There has been a lot of discussion on the Internet about Web 3!
    • Jim Hendler sees Web 3.0 as the “Semantic Web technologies integrated into, or powering, large-scale Web applications”.
    • From my own viewpoint, Web 3.0 will probably be the integration of Web 2.0 and the Semantic Web.
  • 74. Web X Roadmap (diagram by Nova Spivack, CEO & Founder, Radar Networks). Axes: connections between people vs connections between information. Eras: PC Era 1980 - 1990, Web 1.0 1990 - 2000, Web 2.0 2000 - 2010, Web 3.0 2010 - 2020, Web 4.0 2020 - 2030. Labels plotted: Email, Social Networking, Groupware, Javascript, Weblogs, Databases, File Systems, HTTP, Keyword Search, USENET, Wikis, Websites, Directory Portals, RSS, Widgets, PC’s, Office 2.0, XML, RDF, SPARQL, AJAX, FTP, IRC, SOAP, Mashups, File Servers, Social Media Sharing, Lightweight Collaboration, ATOM, Semantic Search, Semantic Databases, Distributed Search, Intelligent personal agents, Java, SaaS, Flash, OWL, HTML, SGML, SQL, Gopher, P2P, The Web, The PC, Windows, MacOS, SWRL, OpenID, BBS, MMO’s, VR, Semantic Web, Intelligent Web, The Internet, Social Web, Web OS.
  • 75. Research3.Org (image slide)
  • 76. Forthcoming Events (image slide)
  • 77. Meteorological Event at Reading (image slide)