The complex nature of XML security can leave some security pros scratching their heads. The use of XML-based Web services can introduce security risks that could leave your organization vulnerable to malicious attacks. In order to keep Web services secure and thwart attacks and viruses, organizations must take specific steps to secure XML and Web services; one example would be virus protection for XML documents and attachments, which...
often requires a more in-depth antivirus and antimalware security strategy.
This XML Web services tutorial, provided below, is a compilation of resources that review different types of XML security standards and approaches on how to improve security in Web services. Some of the areas covered in this tutorial include XML firewall security features and capabilities, OASIS security guidelines, the WS-Security standard and notable XML vulnerabilities and threats.
Using an XML security gateway in a service-oriented architecture
Enabling security for enterprise Web services and service-oriented architectures (SOA) requires an approach that differs from traditional security practices.
In this tip, Gunnar Peterson discusses deployment of security services in XML security gateways, explains how XML security gateways can help keep network endpoints safe in an SOA environment, and details other security services they provide.
XML viruses threaten Web services security
As XML content on the Internet continually increases, the threat of viruses, worms and malware continues to cross over into the world of Web services, meaning that simply scanning scan your computer and email attachments for malicious files is not an adequate defense against threats.
This tip highlights the importance of solid virus protection for XML documents and attachments, discusses common XML threats, and explains how they operate and explains how XML security vendors are shoring up their products to protect Web services against viruses, worms and malware.
XML complexity introduces security risks
The complexity surrounding XML security can leave some security pros scratching their heads, introducing security risks that could leave an enterprise open to malicious attacks. According to the experts, security pros need to remove complexity and remedy performance degradation introduced by hefty authentication methods in order to implement a solid XML security strategy.
This article provides a better understanding of XML security and XML security issues, such and authentication and access control, and highlights the importance of considering these issues when designing and managing XML Web services.
XML security terms and definitions
- Security Assertion Markup Language (SAML) (Whatis.com)
- Authentication (Whatis.com)
- Authorization (Whatis.com)
- Digital signature (Whatis.com)
- SOAP (Simple Object Access Protocol) (Whatis.com)
- Algorithm (Whatis.com)
- Extensible Access Control Markup Language (XACML) (Whatis.com)
- Organization for the Advancement of Structured Information Standards (OASIS) (Whatis.com)
- Encryption (Whatis.com)
- WS-Security (Whatis.com)
- Firewall (Whatis.com)
- Single signon (Whatis.com)
- Public key infrastructure (PKI)