Building on Social Application Platforms
Download as PPTX, PDF3 likes685 views
The document discusses various security incidents and challenges faced by social application platforms, including data breaches affecting RockYou and phishing attacks on MySpace. It highlights Zynga's concerns about Facebook's monetization policies. Additionally, it emphasizes the importance of securing third-party code and managing user authentication and authorization in social applications.
Building on Social Application Platforms
- 1. Building on Social Application PlatformsJonathan LeBlanc – Technology EvangelistYahoo! Developer Network – Partner IntegrationsTwitter: @jcleblanc
- 2. 2Valuation: $4 Billion (May 2010)Business InsiderSold for between $15 - $25 MillionSan Francisco Examiner
- 3. 3
- 4. 4RockYou! User Database Hacked“In December 2009, an attacker breached the company's database of usernames and passwords of its 32 million users.”Techweet: http://www.techweet.comZynga Threatens to Leave Facebook“Zynga was threatening to leave Facebook altogether in the wake of Facebook's requiring exclusive use of Facebook credits for monetization in applications.”TechCrunch: http://www.techcrunch.comSpammers Running Wild In Latest MySpace Phishing Attack“…suggesting that the site has fallen prey to a security exploit that grants spammers access to accounts.”TechCrunch: http://www.techcrunch.com
- 5. 5
- 6. 6Avoiding Disaster with Open SourceAccessing the Social GraphAuthorizing Application Authenticating UsersSecuring Third Party Code
- 7. 7Accessing the Social Graph
- 10. 10Thank youRead More LinksOpenSocial: http://www.opensocial.org/
- 14. Caja: http://code.google.com/p/google-caja/Yahoo! Container Links Yahoo! Application Platform: http://developer.yahoo.com/yap
Editor's Notes
- #4: The social graph is the user footprint on the web. We are no longer living in the days when our online and real lives are separate. Developers can leverage off of this data to personalize and target applications for specific users.
- #6: Why would you ever want to build an application in such a hostile space? One main reason:When you first deploy your application you have the potential to reach the huge network of users on the existing platform, allowing you to build a user base very quickly – much more so than in traditional software development.
- #7: There are generally four layers that developers need to be concerned about when working in this space, all addressed by open source technologies.
- #8: OpenSocial is a project which seeks to standardize the approach to accessing user social data on a platform.Shindig is an apache project which allows OpenSocial gadgets (or apps) to render in a container.
- #9: OAuth is an open source project which is used to allow users to permission applications to perform actions or capture user data on their behalf. OpenID is a project which is used to take your social identity off the social networks and expose it, using a single sign-on username and password, to third parties.
- #10: Traditionally, applications are secured by serving them up within iframes. They are simple to create / maintain and provide full content control for developers. The problem is that they are not secure and allow a host of XSS attacks on a container.Caja, a Google created open project, seeks to sandbox applications on a container to provide a layer of security on the container from applications. It rewrites front-end JavaScript, HTML and CSS to sanitize the code running on a platform and provides a sanitized version of the DOM to the application without allowing it to reach out to the real DOM.
- #11: Links to the projects and platforms we talked about during this presentation