Ask the Expert

Guarding against Web services attacks

Is there any way to spoof trusted Web services metadata, like in cross-site scripting? And, if so, how do you guard against that?

    Requires Free Membership to View

Replay, transaction insertion, out of order command processing and state modification are all examples of Web Services specific attacks that are opened up as part of a message/transaction driven architecture. Digital signatures, strong identities, sequence numbers, validity periods and encryption are all tools that can be used to mitigate such threats.

This was first published in September 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: