In a fast evolving online market place, businesses rely on technology to ensure data, applications and customers' online transactions are fundamentally secure. Simultaneously, online businesses grapple with security issues due to the high volume of sensitive information they store and process. There are a number of reasons for online businesses to adopt the latest cutting-edge Web 2.0 technologies:

Business Driven

• Attract customers.
  
• Higher customer conversions.
  
• Retain customers.

Security Benefits

• Client-side robustness.
  
• Third-party integration without compromising security.
  
• Relatively secure combinations of several technologies.

Scalability and Robustness

• Cross-domain possibilities.
  
• Ajax-based applications more flexible than page-centric.
  
• Ajax and Flex applications are scalable without major architectural changes.
  
• Fewer server interactions.

Security Features of Web 2.0 Applications

Web 2.0 applications like Google Calendar and MySpace.com cater to high-volume user interactions by utilizing technologies like Flex, AJAX, etc. The sections below discuss the inherent security aspects of different categories of Web 2.0 technologies.

Flex: Client-side
Applications developed using Flex execute within Flash Player and run inside a security sandbox that prevents malicious attempts on application code. The sandbox ensures that Flex is a standalone application, running inside a browser, and prevents unauthorized access to the operating system environment as well as other local instances of Flash Player. Flex has an extensive list of features that ensures Flash content is secure, including:

• Encryption capabilities of SSL in the browser encrypt communications between Flash applications and servers.
  
• Sandbox security system limits information transfer that might pose risks to security or privacy.
  
• Prohibits applications from reading from and writing to the local drive, except for shared objects created by that domain.
  
• Prevents web content from reading data from servers not in the same domain, unless explicit access granted.
• Enables user to disable storage of information for any domain.
• Prohibits data from being sent from a camera or microphone unless the user gives permission.