Web 2.0 Security and Privacy

Citation
ENISA, Web 2.0 Security and Privacy: Position Paper (Dec. 2008).

Overview
One of the most important sources of vulnerabilities in Web 2.0 is the inadequacy of access and authorization frameworks used in Web 2.0 environments. This report highlights problems in policy frameworks governing the separation of control between web applications. These center on the "same-origin" policy, which sandboxes web applications coming from different domains, and the cases where this policy is either deliberately relaxed or circumvented for malicious purposes. Problems in access and authorization frameworks often stem from the difficulty in finding a balance between allowing enough freedom for Web 2.0 applications to function and providing adequate security.