Web Development Live

Two months after their Web site was hacked, the organizers of Barack Obama’s presidential campaign are looking for a network security expert to help lock down their Web site.

“Obama for America is looking for a network security expert who wants to play a key role in a historic political campaign,” reads the ad, posted to the Barackobama.com Web site.

Successful candidates will join Obama’s Boston team and should expect to find a new job come November.

Obama’s Web site, built by Facebook cofounder Chris Hughes, has been the model of Web 2.0 campaigning, using social-networking techniques to raise funds and build a broad base of active, Internet-savvy supporters.

But security experts have long warned that powerful Web site features also open new avenues for attack.

With the Internet driving the majority of the campaign’s contributions, Web security is probably more important to Obama than it has been to any other presidential candidate. A Web outage could cost his campaign millions of dollars, and a widely publicized privacy breach could put the brakes on his most important source of cash.

In April, a programming error allowed a Hillary Clinton supporter to redirect part of Obama’s Web site to Clinton’s, but today’s Web attack techniques could lead to much more serious consequences.

“Attacks like SQL injection would be far more of a concern,” said Oliver Friedrichs, a director with Symantec Security Response who has written about computer security and the 2008 presidential election. “If I was able to get access to the database that houses their donor information, that would be very concerning.”

So-called SQL injection attacks take advantage of programming errors and allow attackers to get unauthorized access to parts of a Web site. They can be used to install malicious software or gain access to sensitive information.

Obama’s site isn’t the only one to suffer from Web security bugs. A similar flaw popped up in Mitt Romney’s site in January, and Hillary Clinton’s name was used in a spam campaign that delivered messages laced with malicious Trojan Horse software programs, Friedrichs said.

While Web defacements and denial of service attacks may be the most common security problems, a Web privacy breach could quickly become a major campaign issue, Poole said. “For a big office, things like the reputation of the candidate are really important,” he said.

To encourage the creation of more Web-based applications during the next several years, Google Inc. will invest in three key areas for developers, including opening up its servers to host their applications, encouraging pervasive connectivity to the Web, and making the browser more powerful, said Vic Gundotra, Google’s vice president of engineering, who gave the opening keynote speech at this year’s Google Developer Conference at the Moscone Center in San Francisco.

“Google was born in the era of the Web,” Gundotra said. “It’s the only platform we’ve known. It was a platform that was formed by consensus. It was all of us collectively that agreed to a few standards. We feel a debt of gratitude toward that community.”

Gundotra conceded that Web developers working atop Google-provided development tools and servers would lead to remunerative opportunities for the Mountain View, Calif.-based company. “As the Web gets bigger and enables better Web apps, it attracts more users. For us, more users means more Google searches, which leads to more revenue. But the money we make will get dumped back into the platform.

Google will hold a developer confab in May, called Google I/O, to discuss the challenges of writing applications for the Web.

This year’s two-day event in San Francisco is larger than last year’s Google Developer Day, its first organized conference aimed specifically at Web developers.

While the format is different–there will be more in-depth technical sessions and tutorials for newbies who want to write mash-ups–Google’s developer strategy remains the same.

Why do they court developers? To encourage creation of more and better Web applications, said Tom Stocky, a senior product manager at Google, on Tuesday.

“We’re trying to get more users, in general. We want to increase the number of users and the amount they use the Web. And improving the platform is the best way to do that, we’ve found,” Stocky said.

What will be different this year is an increased focus on developing social applications, reflecting Web development in general. Google will have sessions on social applications, including ways to use OpenSocial, which is designed to let people share information on social networks among different applications.

There is also a track on mobile development, including ways to use Google Gears for Mobile and Android, the mobile phone platform Google and its partners introduced last November.