BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

QCon New York

Find real-world practical inspiration from the world’s most innovative software leaders. Attend in-person or online.
QCon San Francisco

Learn what's next in software from world-class leaders pushing the boundaries. Attend in-person or online.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage Presentations SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services

QCon San Francisco (Oct 2-6, 2023): Find real-world practical inspiration from senior software engineers.

SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services

Bookmarks
50:07

Summary

Jason Macy explains what are the security threats targeting SOA implementations, the basic requirements for security testing and SOA gateway, attack examples and countermeasures to protect against SQL Injection, DoS, XSD Mutation, and Identity type of attacks.

Bio

Jason Macy is the CTO at Crosscheck Networks, responsible for SOA Web Services based technologies. He previously served as VP of Engineering for Forum Systems, developing the industry's only FIPS certified hardware security gateway for XML and SOA. He was also architect for Raytheon responsible for testing and commissioning the Air Traffic Control system at Schipol Airport in Amsterdam, Holland.

About the conference

The International SOA Symposium is a yearly event that features the top SOA experts and authors from around the world, providing a series of keynotes, talks, demonstrations, panels, and SOA training and certification workshops - all with an emphasis on realizing SOA in the real world.

Recorded at:

Jan 18, 2011

This content is in the Architecture topic

Related Topics:

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • How to avoid XMLS SQL attacks

    by Tor Arne Kvaløy,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Avoid this attack by not including SQL statements in your web service! :)

    Back to top
  • Informative presentation

    by Robert Sullivan,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Very interesting. Thanks for posting this informative presentation!

    Back to top
  • Nice presentation

    by Bruno Vernay,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    I like the end where he outline the point that security and identity enforcement points are not anymore in the application.
    Welcome SAML and XACML.

    Back to top

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT