Security Management Strategies for the CIOEmail Alerts
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
XML encryption and WS-Security tutorial: Essential elements of Web services security
WS-Security and XML encryption are two essential elements of Web services security. In this XML encryption and WS-Security tutorial, which is a part of the SearchSecurity.com XML Web services tutorial, learn more about the security threats and conce... Learning Guide
-
Answer page: Web services threats quiz
SearchSecurity Retention
-
XML Web services tutorial: How to improve security in Web services
Securing XML is an essential element in keeping Web services secure. This SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure. Learning Guide
-
The future of software security vulnerabilities
The evolution of software security vulnerabilities opens new vistas for business... and the bad guys. Feature
-
Infosec Know IT All Trivia: Securing Web services
Test your knowledge of securing Web services with these trivia questions. Quiz
-
Infosec Know IT All Trivia: Application security
Put your knowledge of application security to the test. Quiz
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications. News | 25 Oct 2011
-
Security testing firm uncovers XML vulnerabilities
Codenomicon, a maker of security testing tools, finds multiple critical flaws in widely used XML libraries that could lead to denial of service attacks or injection of malicious code Article | 06 Aug 2009
-
Cryptographers say cloud computing can be secured
While securing data in the cloud will remain an issue in the near term, researchers will develop ways to better protect data in the cloud, say a panel of cryptographers at the 2009 RSA Conference. Article | 21 Apr 2009
-
MySpace, Facebook ignoring basic principles of security
Social networking websites MySpace and Facebook present a significant security risk to users, largely because their wide-open application programming interfaces (APIs) are a tempting target for malicious hackers. Article | 08 Aug 2008
-
Kaminsky: DNS flaw capable of attacks on many fronts
Black Hat: Security researcher Dan Kaminsky outlined more than a dozen ways the DNS cache poisoning flaw could be exploited by an attacker to wreak havoc on vulnerable systems. Article | 06 Aug 2008
-
Kaminsky on DNS rebinding attacks, hacking techniques
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, shares his research on Web-based attack techniques. Article | 14 May 2008
-
IBM's Watchfire halts network research, focuses on Web apps
Watchfire is halting its network and host-based research to focus solely on Web application security as part of its integration into IBM. The Waltham, Mass-based penetration vendor was acquired last year and become part of IBM's Rational development ... Interview | 26 Mar 2008
-
Liberty Alliance begins SAML 2.0 testing in July
Liberty Alliance's compatibility testing will pave the way for more tools businesses can use to implement federated ID management. Article | 17 Jan 2008
-
SOA, Web services security hinge on XML gateways
XML security gateways could be the missing piece in most SOA deployments, says Tim Bond, a senior security engineer at webMethods Inc. Article | 17 Jan 2008
-
Citrix adds Web security with acquisition
Citrix Systems Inc. said it acquired XML security vendor QuickTree for its compiler technology and Java API for XML processing. Article | 05 Sep 2007
- See more News on Web Services Security and SOA Security
-
Remediation planning for Ruby on Rails security vulnerabilities
The recent Ruby on Rails security vulnerabilities can be patched. Expert Michael Cobb discusses the fallout and offers help with remediation planning. Tip
-
MySQL security analysis: Mitigating MySQL zero-day flaws
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed? Tip
-
Using an XML security gateway in a service-oriented architecture
Enabling security for enterprise Web services and service-oriented architectures (SOA) requires an approach that differs from traditional security practices. In this tip, Gunnar Peterson explains how XML security gateways can help keep network endpoi... Tip
-
Why Web services threats require application-level protection
Now that more organizations are using application-layer firewalls to secure Web applications, what's an attacker to do? Find a more vulnerable victim, of course. In this tip, SearchSecurity.com expert Michael Cobb explains how and why hackers have st... Tip
-
Ajax security: How to prevent exploits in five steps
While Ajax can make your Web pages feel faster and more responsive, this Internet-based service, like many Web development tools, has its security concerns. In this tip, SearchSecurity.com expert Michael Cobb examines how Ajax works, how hackers can ... Tip
-
How to overcome Web services security obstacles
Richard Mackey explains how to build secure Web service applications and the difference between Web service protocols and standards. Tip
-
Limiting the risk and liability of federated identities
You'll learn the legal issues involved in federated identity and how to best manage them. Tip
-
XML-based attacks and how to guard against them
Learn how to guard against XML-based attacks using XML firewalls. Tip
-
Achieving ROI with Web services
Achieving ROI with Web services takes some planning. Experts say the larger the implementation, the more difficult it is to pull off. Tip
-
ASP.NET authentication: Three new options for Web services
Web developers migrating to ASP.NET find themselves faced with additional authentication options available for use in Web services. Tip
- See more Tips on Web Services Security and SOA Security
-
Can XML encryption thwart XML attacks?
Expert Nick Lewis discusses proof-of-concept XML attacks and possible steps for defending data protected by XML encryption. Answer
-
OAuth 2.0: Pros and cons of using the federation protocol
Learn the advantages and disadvantages of using Open Authorization for Web application authentication. Answer
-
What is a virtual directory? The essential application deployment tool
What is a virtual directory? As expert Michael Cobb explains, it can be an extremely helpful secure application deployment tool. Answer
-
Which operating system can best secure an FTP site?
In this expert Q&A, platform security expert Michael Cobb explains how a secure FTP protocol can improve websites and Web services. Ask the Expert
-
How does identity propagation work?
In this expert Q&A, Joel Dubin defines identity propagation and explains how it works. Ask the Expert
-
Are attackers using malware to exploit service oriented architectures?
Malware writers aren't taking advantage of service-oriented architectures. Not yet, anyways. In this expert Q&A, Ed Skoudis explains the vulnerabilities of an SOA, and why it's a potential target for malicious hackers. Ask the Expert
-
Which Web services provide the best remote help desk support?
More and more workers are telecommuting these days, forcing enterprises to search for quality, cost-effective remote help desk support. In this SearchSecurity.com Q&A, application security expert Michael Cobb lays out some of your remote assistance o... Ask the Expert
-
Do XPath injection attacks require the same response as SQL injections?
XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can protect your systems from either type of assault. Ask the Expert
-
Will two different operating systems cause administrative problems?
Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher devel... Ask the Expert
-
Do any freeware tools scan for Ajax vulnerabilities?
Securing Ajax applications is a new challenge for anyone developing Web services. In our expert Q&A, Michael Cobb reviews tools that can assess the vulnerabilities of Ajax Web applications. Ask the Expert
- See more Expert Advice on Web Services Security and SOA Security
-
network drive
A network drive is a storage device on a local access network (LAN) within a business or home. Within a business, the network drive is usually located on a server. In a home, the network drive may be located on a dedicated server, one of the networke... Definition
-
Will cloud computing and virtualization save the day?
Will cloud computing and virtualization make enterprises more secure or leave them more vulnerable? At Information Security Decisions 2008, security researchers discuss the pros and cons of the inevitable cloud (part 3 of 4). Video
-
Remediation planning for Ruby on Rails security vulnerabilities
The recent Ruby on Rails security vulnerabilities can be patched. Expert Michael Cobb discusses the fallout and offers help with remediation planning. Tip
-
MySQL security analysis: Mitigating MySQL zero-day flaws
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed? Tip
-
network drive
A network drive is a storage device on a local access network (LAN) within a business or home. Within a business, the network drive is usually located on a server. In a home, the network drive may be located on a dedicated server, one of the networke... Definition
-
Can XML encryption thwart XML attacks?
Expert Nick Lewis discusses proof-of-concept XML attacks and possible steps for defending data protected by XML encryption. Answer
-
OAuth 2.0: Pros and cons of using the federation protocol
Learn the advantages and disadvantages of using Open Authorization for Web application authentication. Answer
-
What is a virtual directory? The essential application deployment tool
What is a virtual directory? As expert Michael Cobb explains, it can be an extremely helpful secure application deployment tool. Answer
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications. News
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
XML encryption and WS-Security tutorial: Essential elements of Web services security
WS-Security and XML encryption are two essential elements of Web services security. In this XML encryption and WS-Security tutorial, which is a part of the SearchSecurity.com XML Web services tutorial, learn more about the security threats and conce... Learning Guide
-
Security testing firm uncovers XML vulnerabilities
Codenomicon, a maker of security testing tools, finds multiple critical flaws in widely used XML libraries that could lead to denial of service attacks or injection of malicious code Article
- See more All on Web Services Security and SOA Security
About Web Services Security and SOA Security
Get expert advice and browse this section for news, tips and best practices on Web services security, service oriented architecture (SOA) security, SOA attack, vulnerabilities, implementation, development, applications and training.