Q

Guarding against Web services attacks

In this expert response, Andrew Nash discusses ways to protect against threats to Web Services specific attacks.

This Content Component encountered an error
Is there any way to spoof trusted Web services metadata, like in cross-site scripting? And, if so, how do you guard against that?

Replay, transaction insertion, out of order command processing and state modification are all examples of Web Services specific attacks that are opened up as part of a message/transaction driven architecture. Digital signatures, strong identities, sequence numbers, validity periods and encryption are all tools that can be used to mitigate such threats.

This was first published in September 2006

Dig deeper on SOA security tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide

SearchWinDevelopment

Close