This article can also be found in the Premium Editorial Download "Information Security magazine: Identity crisis solved: Tips from a top identity management expert."
Download it now to read this article plus other related content.
Microsoft's .NET development framework can help your Web apps perform securely.
Web services allow organizations to connect with other entities across disparate platforms, delivering the information they need, when they need it. Lifting up the hood, Web services include a complex mix of service-oriented architectures, semantic webs, XML, self-describing software and SOAP.
Utilizing Web services involves combining technology and techniques from different applications into a seamless architecture. To solve this problem, Microsoft created and embedded .NET into its operating systems and key Microsoft server applications to provide seamless integration across its entire suite of products.
Any time you hear about a new development platform that allows for dynamic downloads and remote execution of code, your security radar should perk up immediately. Web services open a world of dynamic connectivity and commerce, but they have also opened enterprises to attack because of vulnerable code and authentication infrastructure.
While security is still only as good as the human beings who adhere to sound security coding policies and practices, .NET provides built-in mechanisms for avoiding some of the common pitfalls. Let's examine some of the most important points.
This was first published in May 2006