Introduction to Assessing and Securing Web Services
Author
Abstract
The primary purpose of the paper is to provide an introduction to security-related problems in web service implementations, describe approaches used to identify these issues, and provide brief recommendations to resolve these problems. Questions such as the following are important in this respect:
• How does the web service authenticate the service consumer or client?
• How does the client authenticate the web service?
• Is data protected between the web service provider and client?
• Does the web service provide an adequate authorisation framework to ensure user privileges are uniformly and consistently enforced?
• Does the application properly clean client or requester input?
Identification and exploitation of vulnerabilities in the above areas will be practically illustrated. Even though tools are important in this area, the analyst has to have a good understanding of the technology in question. The paper will focus on the high-level critical thinking that needs to be applied in assessing and securing web services.
Similar resources
A Gateway to Web Services Security - Securing SOAP with Proxies
Integrating applications and resources using Web Services increases the exposure of critical resources. Consequently, the introduction of Web Services requires that additional effort be spent on assessing the corresponding risks and establishing appropriate security mechanisms. This paper explains the main challenges for securing Web Services and summarizes emerging standards. The most importan...
A functional model for assessing Iran's cinematic websites
Background and Objectives: Today, websites with diverse and varied uses have revolutionized all social, scientific, educational, artistic, commercial, and other fields of thought. In the meantime, the cinema has not gone away with this technological advancement, and a large number of cinema websites have been set up to help film makers in this field. Whatever the users of a website, the main pu...
Securing Web Services with SOAP Security Proxies
Although in principle independent of any particular messaging protocol, Web Services are primarily accessed using SOAP over HTTP in practice. As SOAP provides no message security at all, other ways of securing messages are necessary. This paper summarizes the most important security model for SOAP, WS-Security, and its related specifications. We explore the advantages of one particular approach...
Enabling Secure Service Discovery with Attribute Based Encryption
This paper concentrates on providing a scalable solution for securing the service discovery mechanisms deployed in dynamic and self-organizing systems like those found in ubiquitous computing or semantic web based scenarios. Service discovery is rendered necessary when clients need to locate services they can describe but that they do not necessarily know, thereby rendering PKI based solutions,...
HTTPI Based Web Service Security over SOAP
Nowadays, a new family of web applications, 'open applications', is emerging (e.g., social networking, news and blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications effectively and efficiently, HTTPI, a new transport protocol, is proposed, whic...