SearchSecurity Retention

Answer page: Web services threats quiz

1. Answer: a. XSL
They are built using a collection of protocols and standards such as XML, XML Schema, WSDL (Web Services Description Language) and SOAP (Simple Object Access Protocol), many of which are still evolving, and as with most new technologies, security issues are often overlooked in the early stages of adoption.

To learn how Web services operate, read Why Web services threats require application-level protection.
























































2. Answer: False
Web services face a lot of the same vulnerabilities that Web applications do, such as SQL injection and session theft, but unlike traditional Web page interfaces, Web service programs are far more open, often connecting to core enterprise applications and data.

To learn how to protect against Web services vulnerabilities, read Why Web services threats require application-level protection.
























































3. Answer: b. Content-borne threats
Additionally, your developers should also be educated on the additional XML-related attack vectors that Web services are vulnerable to, mainly:

To learn how to protect against Web services threats, read Why Web services threats require application-level protection.
























































4. Answer: d. WS-Security
Web services specifications like Web Service Security (WS-Security), which addresses enhancements made to SOAP messaging to protect the message integrity, message confidentiality and message authentication.

To learn more about Web services security specifications, read Why Web services threats require application-level protection.
























































5. Answer: d. All of the above
Keep abreast of the other new standards like XML-Encryption, XML-Schema and XML-Digital Signature that aim to secure Web services traffic. Incorporate these standards into your security policy where appropriate.

To learn more about Web services security and how to mitigate Web services threats, read Why Web services threats require application-level protection.

This was first published in October 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: