InfoQ Homepage Presentations SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services
SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services
Summary
Jason Macy explains what are the security threats targeting SOA implementations, the basic requirements for security testing and SOA gateway, attack examples and countermeasures to protect against SQL Injection, DoS, XSD Mutation, and Identity type of attacks.
Bio
Jason Macy is the CTO at Crosscheck Networks, responsible for SOA Web Services based technologies. He previously served as VP of Engineering for Forum Systems, developing the industry's only FIPS certified hardware security gateway for XML and SOA. He was also architect for Raytheon responsible for testing and commissioning the Air Traffic Control system at Schipol Airport in Amsterdam, Holland.
About the conference
The International SOA Symposium is a yearly event that features the top SOA experts and authors from around the world, providing a series of keynotes, talks, demonstrations, panels, and SOA training and certification workshops - all with an emphasis on realizing SOA in the real world.
Community comments
How to avoid XMLS SQL attacks
by Tor Arne Kvaløy,
Informative presentation
by Robert Sullivan,
Nice presentation
by Bruno Vernay,
How to avoid XMLS SQL attacks
by Tor Arne Kvaløy,
Your message is awaiting moderation. Thank you for participating in the discussion.
Avoid this attack by not including SQL statements in your web service! :)
Informative presentation
by Robert Sullivan,
Your message is awaiting moderation. Thank you for participating in the discussion.
Very interesting. Thanks for posting this informative presentation!
Nice presentation
by Bruno Vernay,
Your message is awaiting moderation. Thank you for participating in the discussion.
I like the end where he outline the point that security and identity enforcement points are not anymore in the application.
Welcome SAML and XACML.