Locking down Layer 7

This presentation by Pete Lindstrom, Research Director of Spire Security, was given at Information Security Decisions Spring 2005.

The most significant attacks against data today have migrated "up the stack" to the application layer (Layer 7). To the Internet community, this means the Web and its evolutionary partner, Web Services, are prime targets.

This session tackles Web architecture from two perspectives -- that of the user (source) and the Web server (destination) -- and identifies solutions that address the specific issues with each. Additionally, it will apply a threat model approach to the newer protocols -- and the capabilities of Web services -- to identify new threats and how existing technology can thwart them.

View this presentation

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Web Security Advisor,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Web Security Advisor DNS rebinding defenses still necessary, thanks to Web 2.0 New defenses for automated SQL injection attacks PCI compliance and Web applications: Code review or firewalls? Worst practices: Bad security incidents to avoid Web scanning and reporting best practices Social networking Web site threats manageable with good enterprise policy Enterprise security in 2008: Building trust into the application development process PCI DSS Section 6: A plan for tackling application security Making the case for Web application vulnerability scanners Preparing for uniform resource identifier (URI) exploits RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.