
	Home > Answer page: Web services threats quiz

SearchSecurity Retention Quiz of the Week:

LICENSING & REPRINTS

Answer page: Web services threats quiz

12 Oct 2006

Digg This!

StumbleUpon Toolbar

StumbleUpon

Del.icio.us

1. Answer: a. XSL
They are built using a collection of protocols and standards such as XML, XML Schema, WSDL (Web Services Description Language) and SOAP (Simple Object Access Protocol), many of which are still evolving, and as with most new technologies, security issues are often overlooked in the early stages of adoption.

To learn how Web services operate, read Why Web services threats require application-level protection.

2. Answer: False
Web services face a lot of the same vulnerabilities that Web applications do, such as SQL injection and session theft, but unlike traditional Web page interfaces, Web service programs are far more open, often connecting to core enterprise applications and data.

To learn how to protect against Web services vulnerabilities, read Why Web services threats require application-level protection.

3. Answer: b. Content-borne threats
Additionally, your developers should also be educated on the additional XML-related attack vectors that Web services are vulnerable to, mainly:

XML identity threats, updated versions of the traditional identity threats, such as authentication attacks and eavesdropping.

Content-borne threats that use actual XML payloads to distribute XML viruses, SQL statements, Unix commands, etc.; and

Operational attacks, including XML-level denial-of-service attacks and XML bombs.

To learn how to protect against Web services threats, read Why Web services threats require application-level protection.

4. Answer: d. WS-Security
Web services specifications like Web Service Security (WS-Security), which addresses enhancements made to SOAP messaging to protect the message integrity, message confidentiality and message authentication.

To learn more about Web services security specifications, read Why Web services threats require application-level protection.

5. Answer: d. All of the above
Keep abreast of the other new standards like XML-Encryption, XML-Schema and XML-Digital Signature that aim to secure Web services traffic. Incorporate these standards into your security policy where appropriate.

To learn more about Web services security and how to mitigate Web services threats, read Why Web services threats require application-level protection.

Digg This! StumbleUpon Del.icio.us

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search Additional Security Research and Solutions
Find Security Channel Research for Resellers and Partners

TechTarget Security Media

Information Security

View this month\\'s issue and subscribe today.

Information Security Decisions

Apply online for free conference admission.

SearchSecurity.com

SEARCH :

Site Index

Powered by:

About Us | Contact Us | For Advertisers | For Business Partners | Site Index | RSS

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy