In your view, what are some of the greatest security challenges facing social networking sites currently?
While discussing some of the greatest security challenges facing social networking sites, keep in mind that these risks are risks faced by nearly every public Internet application, so the challenges and solutions are applicable to anyone responsible for Web application security.
The top problems faced by nearly every interactive Web application can be rolled up into the OWASP top ten. These are the ten most common vulnerabilities across the Web, backed by empirical research. No team can afford to release software without validating these issues within their application.
Following application functionality, I believe the next greatest security challenge is the privacy of individual accounts. I would break this up into two categories: identity management (both securing and protecting the valid identity of users, as well as preventing the use of fake identities for social engineering and other malicious purposes) and individual privacy (specifically, striking the right balance between individual privacy and corporate business plans). In an age where social engineering and account hijacking are a common occurrence, organizations need to develop strategies to protect online identity and prevent online identity theft. The theft of a single identity account can lead to massive identity fraud, as hijackers spread their attack from site to site. Companies also need to protect their ‘privacy reputation.’ Take the ongoing debates about Facebook’s approach to privacy, for example. It seems like the company consistently chooses the least private default option for new and modified functionality. Few users understand their privacy settings at all, let alone how to achieve their own appropriate privacy balance. This has caused the company serious disruption in the form of bad PR, numerous lawsuits and a bad reputation within the marketplace. Companies will be expected to strike a better balance, protecting the online privacy and identity of their users.
Finally, companies need to face the facts: their users are poorly educated about security. Users routinely browse the Internet with machines lacking anti-malware software. Often, they do not recognize even the most blatant attempts at social engineering. Hackers have taken notice of the ignorance of their targets and are increasingly taking advantage of poor training. Social media and other online sites need to make better efforts toward protecting their users, from a moral standpoint as well as a pure profit-driven basis. As users contract more and more online viruses and experience more social engineering, sites that aid in those attacks will lose reputation in the market.
In an age where a social media site can come up and grow to millions of users in a matter of weeks, users have alternatives. Without responding to security challenges such as the top ten vulnerabilities, online privacy and user education, sites which experience broadly successful attacks will struggle to retain their user base as a consequence of their poor security stance.
Expert answer by John Overbaugh