Answer page: Web services threats quiz

1. Answer: a. XSL
They are built using a collection of protocols and standards such as XML, XML Schema, WSDL (Web Services Description Language) and SOAP (Simple Object Access Protocol), many of which are still evolving, and as with most new technologies, security issues are often overlooked in the early stages of adoption.

To learn how Web services operate, read Why Web services threats require application-level protection.
























































2. Answer: False
Web services face a lot of the same vulnerabilities that Web applications do, such as SQL injection and session theft, but unlike traditional Web page interfaces, Web service programs are far more open, often connecting to core enterprise applications and data.

To learn how to protect against Web services vulnerabilities, read Why Web services threats require application-level protection.
























































3. Answer: b. Content-borne threats
Additionally, your developers should also be educated on the additional XML-related attack vectors that Web services are vulnerable to, mainly:

To learn how to protect against Web services threats, read Why Web services threats require application-level protection.
























































4. Answer: d. WS-Security
Web services specifications like Web Service Security (WS-Security), which addresses enhancements made to SOAP messaging to protect the message integrity, message confidentiality and message authentication.

To learn more about Web services security specifications, read Why Web services threats require application-level protection.
























































5. Answer: d. All of the above
Keep abreast of the other new standards like XML-Encryption, XML-Schema and XML-Digital Signature that aim to secure Web services traffic. Incorporate these standards into your security policy where appropriate.

To learn more about Web services security and how to mitigate Web services threats, read Why Web services threats require application-level protection.

This was first published in October 2006

Dig deeper on Web Services Security and SOA Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close