This SearchWebServices.com guide introduces you to Web services security -- highlighting the inherent challenges of securing Web services while providing you with strategies to overcome these challenges. You'll find articles, tips, white papers, expert advice and more to arm yourself against would-be invaders. Drop me an e-mail to let me know what other learning guides you'd like to see on SearchWebServices. Leigha Bloss, Associate Editor.
| TABLE OF CONTENTS
Web services security standards
Web services security challenges
Web services security strategies
|Web services security standards||Return to Table of Contents|
- Glossary Definition: WS-Security (SearchWebServices.com, powered by Whatis.com)
- Glossary Definition: SAML (SearchWebServices.com, powered by Whatis.com)
- Glossary Definition: XACML (SearchWebServices.com, powered by Whatis.com)
- Featured Topic: Fast facts: WS-Security
WS-Security enables Web services to be deployed across firewalls to reach business partners, suppliers and customers. Here we've pulled together tips, expert advice, articles and the lastest news to help build your confidence using this standard.
- Article: OASIS ratifies core security spec
Common Alerting Protocol (CAP), which standardizes the interfaces used to disseminate public alerts and warnings, is ratified by OASIS as a standard.
- Article: Second-generation XML security preview: SAML
A preview of XML's next-generation security language.
- Advice: What security concerns does WS-Security address?
- Advice:Are there other projects for Web services security in the works beside WS-Security?
- Advice: Confused about differences in Web services security technology
- Advice: Impact of the W3C vs. OASIS battle on Web services security standards
- Advice: Are SAML and WS-Security competitive specifications for Web services security?
- Advice: Why can't I just use SSL to protect my Web services?
- Advice: Web services standards and management
- Standards Organization: OASIS.org
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards.
- XWSS.org: Web services security forum
This forum is designed to offer security professionals, application developers, product managers, system auditors and IT operations staff a way to exchange ideas and share information about XML Web Services and security issues.
- MSDN Library: WS-Security Specification Index Page
- White paper: Chapter of the Week: Web Services Security -- Chapter 9, 'WS-Security'
- Browse this editor-selected collection of resources covering standards and protocols.
|Web services security challenges||Return to Table of Contents|
- Article: Web Enterprise apps may pose Web services security problem
Just when you thought your SAP, PeopleSoft and Oracle apps were safe, Gartner said that opening their built-in Web services interfaces may open some unknown security holes.
- Article: Best practices for secure code
A look at some of the dangers of insecure code and a few best practices for writing more secure code.
- Article: Web services pose identity management challenges
Identity management is a growing challenge for Web services, but experts say a combination of good policies and cutting-edge security technology might be the best answer.
- Advice: Assessing security of Web services, part one
- Advice: Assessing security of Web services, part two
- Advice: Securing Web services: A job for the XML firewall
- Webcast: The challenges of Web services security inside the firewall
When traditional security is not enough inside the firewall, where do you turn? Find out if you should implement special precautions to your current security mechanisms from this webcast.
- White paper: Chapter of the Week: Web Services Security -- Chapter 3, 'New challenges and new threats'
- White paper: A Guide to Securing XML and Web Services
- Browse this editor-selected collection of resources covering the ins and outs of Web services security.
|Web services security strategies||Return to Table of Contents|
- Article: Secure Web services a sound business practice
Experts identify the nuances of securing Web services, and there's more to it than antivirus software and a solid firewall.
- Article: Securing Web services requires out-of-box thinking
XML Web services have introduced an open, standards-based way of doing business, and traditional network security efforts aren't enough to keep things safe.
- Article: Report recommends standalone XML security appliances
A Forrester Research report delves into the immature XML security gateway market and makes a few recommendations to help enterprises with their buying decisions.
- Article: Security hodge-podge used in Web services projects
More than half of the companies participating in a recent security survey said they have yet to deploy Web services beyond the firewall because of security concerns. Also, nearly all of those with Web services projects said they are using multiple standards in building their Web services security architectures.
- Advice: Web services security strategy
- Advice: The major Web services security vendors
- Advice: Aren't Web services limited to executing services through the server interface?
- Advice: Middle tier Web services
- Advice: Are there any Web services security problems that can't be solved today?
- White paper: Requirements for securing Enterprise Web Services