June 2006 Archives

This isn't new but I've wanted to post about this for a while now. With the popularity of iPods, a new threat emerges...less specifically about iPods and more about the fact that storage devices are increasing in capacity and decreasing... Read More..

The identity theft of 26 million U.S. veterans and spouses has sparked debate and numerous investigative meetings. That significant data breach will cost us taxpayers over $100M to notify the affected parties and offer credit protection against potential abuses. You... Read More..

Attacks on Web Services are often targeted at XML based content. Here are some of the more significant XML based attacks: Recursive payload attack - the attacker takes advantage of the nesting supported within XML. One of the strengths of... Read More..

Another consideration for protecting service based architectures is the issues related to transactions. The appeal of SOA is the benefit derived in enabling inter-enterprise transactions. However, this raises a number security related issues to consider. I'll just touch a couple... Read More..

The problem with securing web services isn't all about XML...it's also about the unique challenges brought about by distributed service based architectures. Here's just a couple of issues arising from distributed web services architecture - 1. Multiplication of open interface... Read More..

Much of the discussion around web services or SOA security tends to revolve around enabling SOAP messaging security in the form of WS-Security and other standards. Far less has been written about the notion of protecting your web services architecture... Read More..

As web applications increased in sophistication, potential exploits evolved in complexity as well. Here is a sampling of the threats that are often perpetrated against these applications: SQL injection - where an attacker would append SQL statements to an entry... Read More..

To examine web services security today, let's take a little survey of the security issues related to the first generation web application model. This model was typified by thin-client/server HTTP communication with a tightly coupled server side is comprising of... Read More..