Abstract

Social networking sites have created a dangerous cocktail of user-supplied content, open APIs and heavy use of client-side code. Mix in third-party applications, many hosted off-site, and you have a constantly expanding and mutating attack surface in which not even the sites themselves are capable of verifying the content they deliver. Some vulnerabilities stem from poor coding, but we are seeing an increasing number of exploits that take advantage of this environment's lack of security standards and practices. Security solutions designed to protect against XSS, CSRF and other standard web-based exploits may help, but the trust that many users place in social networks will always make them vulnerable to social engineering. Steve Mansfield-Devine takes a look at the security issues associated with this exciting but dangerous category of online service.

Social networking has made the web a friendlier, more connected but more complex environment. Sites such as Facebook, MySpace, Orkut, LinkedIn and their like have concocted a dangerous cocktail of user-supplied content, open APIs, and web pages heavily loaded with JavaScript and embedded media of all descriptions. And it's an environment that is largely devoid of security standards and practices.
