Thanks for everyone that came along to my presentation titled “Insecurity 2.0 – Securing Next Generation and Rich Internet Applications”. The feedback was excellent and the discussions were very interesting.
I’ve reworded this post to clear up some confusion.
Part of the talk covered the idea of “malicious mashups” where we explored the possibility of mashups being used for malicious purposes where we explored the idea of legitmate mashups being programatically used for unethical or criminal purposes. This is not to be confused with malicious code simply being used in mashups or AJAX/RIA applications (which is not new). With the inherent openness of the next generation web services, it’s only a matter of time before we see a mashup used for questionable purposes. It’s highly likely that these already exist, but I haven’t seen any of great note. Please contact me if you’ve come across any examples or have your own thoughts on this matter.