1 / 8

**Securing Web Services: Enhancing OWASP for Web Service Application Security** This article explores the importance of

Web service security, OWASP, web application, threats

sternberg
Download Presentation

**Securing Web Services: Enhancing OWASP for Web Service Application Security** This article explores the importance of

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OWASP Web Services Project How OWASP can become the leading destination for “Web Service Application Security” Alex Smolen OWASP So Cal Chapter

  2. What are web services? • Web applications vs. web services • Examples of web services • Why web services?

  3. Web Service Security • Transport Layer • SSL • Message Layer • WS-Security • XML Encryption, XML Signature, SAML,… • WS-* • Application Layer • OWASP Top Ten +

  4. Additional Application Threats to Web Services • Parser Attacks • XML Bombs • External Entities • Backend Attacks • XPath, XQuery • XML Injection • Logical Attacks

  5. Web Service Security Resources • OASIS • Microsoft, IBM, Sun, etc… • Books, blogs, articles • Why OWASP?

  6. Current Projects • WebGoat 3.7 • OWASP Guide • OWASP Testing Guide

  7. Additional Ideas • WebScarab • Web service security landing page • FAQ • Tools for web service developers (?)

  8. How You Can Help • Learn about Web Service Security • Join OWASP Web Services Mailing List • Work on OWASP Web Services Project Charter • Contribute to OWASP Web Services Projects • Contact me (asmolen@parasoft.com, alex.smolen@owasp.org)

More Related