BT

InfoQ Homepage Presentations SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services

SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services

Bookmarks

Bio

Jason Macy is the CTO at Crosscheck Networks, responsible for SOA Web Services based technologies. He previously served as VP of Engineering for Forum Systems, developing the industry's only FIPS certified hardware security gateway for XML and SOA. He was also architect for Raytheon responsible for testing and commissioning the Air Traffic Control system at Schipol Airport in Amsterdam, Holland.

About the conference

The International SOA Symposium is a yearly event that features the top SOA experts and authors from around the world, providing a series of keynotes, talks, demonstrations, panels, and SOA training and certification workshops - all with an emphasis on realizing SOA in the real world.

Recorded at:

Jan 18, 2011

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • How to avoid XMLS SQL attacks

    by Tor Arne Kvaløy /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Avoid this attack by not including SQL statements in your web service! :)

  • Informative presentation

    by Robert Sullivan /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Very interesting. Thanks for posting this informative presentation!

  • Nice presentation

    by Bruno Vernay /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    I like the end where he outline the point that security and identity enforcement points are not anymore in the application.
    Welcome SAML and XACML.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.