Ads by TechWords

See your link here
Receive the latest technology news and information.
Application/Web Development
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

IBM unveils new technology to secure mashups

'Smash' tool can keep malicious code out of organizations by separating data sources

March 13, 2008 12:00 PM ET

Computerworld - IBM today rolled out new technology aimed at securing mashups -- Web applications that business users can build themselves by linking information streams from multiple sources.

IBM also disclosed that it has donated the new technology, codenamed "Smash" (for secure mashup), to the OpenAjax Alliance of vendors working to create standards for interoperable Asynchronous JavaScript and XML technologies. Smash allows information from different sources to communicate, but it keeps them separated so that malicious code that may be contained in one data source is kept out of enterprise systems, IBM said.

"People like to take gadgets and widgets and be able to build up their own dashboards, which is great," said Rod Smith, an IBM fellow and vice president. "It is empowering people to tune their information."

But he added, while users may assume that a mashup comes from the source the widget says it comes from, it could contain malicious code that could phish for information from a user's browser or from communications with a server, he added.

"We know people are going to go down this path, [so] how can we make sure they can do it in a more secure manner?" Smith said. "[Smash] is a little runtime piece [of code] that works in AJAX. As components come in through gadgets, it can proactively check to see if they are trustable. You'll be able to authenticate these pieces. As they're put on a page and they interact with other widgets on that page, you'll know they came from the right sources at that point."

Smith said that Smash is mainly aimed to be proactive protection against such attacks, which he said are not common today. However, a research report released by Gartner Inc. last month titled "The Creative and Insecure World of Web 2.0" noted that the potential for security risks increases as more business users morph into application developers by building mashups.

Because mashups enable masses of individuals within a company to become developers of applications that use their own versions of business rules and practices, they create risks for companies, the report said.

"Web 2.0 enables building applications by grabbing readily available content from someone else's Web site, a useful application from another site, design templates from one user community and [a] runtime platform from another user community," the report noted. "All this is done in a rapid application development style that often gets distorted and transformed into a style where developers begin programming before they start thinking. Lack of application development expertise will lead them to develop vulnerable applications."

Gartner advised that companies take several steps to deal with the vulnerabilities that can result from mashups, including the following:



Jump to comments

ibm

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

Extend, Replace, or Convert; which is the best way forward for COBOL Applications?
Download this white paper, free, compliments of Micro Focus!  

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.


IT Jobs