Web services have revolutionized application development and how IT organizations operate, in much the same way that client-server and web-based applications did in the past. They offer businesses a new, standardized way of integrating disparate applications and systems among suppliers, partners, and customers. With Web 2.0, web services have become commonplace as technologies such as AJAX and JSON gain traction.
Security is a major concern for web services, just as it is for any other application type. Traditional network security infrastructure is inadequate for the security needs of XML and web services. Foundstone offers a comprehensive Web Services Security Assessment to identify threats, vulnerabilities, and risks associated with your organization's web services infrastructure.
Every customer and web service has unique network security requirements based on their business needs and operational environment. The process begins by systematically identifying and documenting security needs. Next, threat modeling is performed to help recognize and prioritize potential threats. We then assess the security aspects of design and implementation, including confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security.
The methodology looks for XML content-based attacks, next-generation web services attacks, and application infrastructure threats such as SQL injection and denial of service (DoS). Web services security offerings include:
Web Services Threats: