Threat Protection for a Service Oriented World - Andre Yee's Security Insider - ebizQ

February 10, 2008 Sign In | About ebizQ | Contact Us | Join ebizQ Gold Club

Andre Yee's Security Insider
An open dialogue about security and compliance for the enterprise.

« Web Services Security - Web Application Threats | Main | Threat Protection for Web Services - Architecture Matters »

June 09, 2006
Threat Protection for a Service Oriented World

Much of the discussion around web services or SOA security tends to revolve around enabling SOAP messaging security in the form of WS-Security and other standards. Far less has been written about the notion of protecting your web services architecture from potential threats. When you consider securing this service oriented world we are intentionally engaged in from a technical perspective, we start to realize how challenging threat protection can be.

Threat protection of a distributed web services environment is exponentially more difficult than your traditional tightly bound, monolithic web app. You have to consider protecting web services architectures at three levels:

1. Architecture
2. Transactional
3. XML Content

Much of the discussion is relegated to (3) without consideration to (1) to the detriment of security. Let's examine how architecture plays a role in changing the rules of threat protection.

Posted by andreyee in web services security |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/346

Comments Post a comment

Most Recent ebizQ Blog Entries

ADVERTISEMENT

RSS Subscription

Recent Posts

Privacy Problems with Social Networks
Implications of Salesforce Phishing Incident
Electronic Jihad?
Top 10 Most Vulnerable Apps for 2007
Adobe Fixes Vulnerability But Problems Persist in the Wild
Ann Coulter Hacked
Social Networking Versus Corporate Security
How Web 2.0 is Challenging Corporate Security
Identity Data Leaked from Mortgage Company
Is the iPhone Secure Enough For You?

Categories

Alerts/Warnings
Compliance
Industry Trends
Insider Attacks
IPS/Firewall Technology
M&A
Network Security
Odds and Ends
Privacy/Information Theft
Product Announcements
Spam & Spyware
web 2.0
web services security
Wireless Security

Archives

December 2007
November 2007
October 2007
September 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006

Blog Roll

This Work

Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ

Disclaimer:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ.

free hit counter script

Subscribe to our Newsletters
ebizQ Weekly Gold Club Update Live Webinar Updates Updates from ebizQ Partners ebizQ SOA Update ebizQ BPM Update ebizQ Security Update ebizQ BI Update ebizQ Open Source Software Update Virtual Show Newsletter
Your E-mail Address:

BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND

Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND

Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map