The report worries about the ‘relative ease of discovering vulnerabilities in Web applications compared to other platforms’. Their source code is easily obtained, they are frequently updated, and because there are few restrictions to distinguish valid input from invalid, web applications are ‘susceptible to common types of input validation vulnerabilities, such as cross-site scripting and SQL injection’.
The technologies underpinning Web applications and Web services also give Symantec cause for concern…
Symantec is concerned that in the rush to develop Web services, the underlying Web applications that use them are not receiving the same level of security auditing as traditional client-based applications and services.
‘As Web applications continue to gain in popularity, Symantec expects to see an increase in the number of attacks taking advantage of the interconnected, interactive nature of AJAX to increase the number of potential targets.’
==> I think the recent trend suggests that newer technology, with more focus on developing solutions faster rather than making them robust and secure, is bound to create issues in the future stability of the product. I keep hearing comments like “AJAX” enabled, hopefully they are secure and manageable!!