Abstract
Web services-based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web services a reality. This talk will present techniques for Web services security and some of the challenges and recommendations for secure web services. This paper is based on our experience in developing the National Institute of Standards and Technology (NIST) Special Publication SP 800-95, “Guide to Secure Web Services”. Some of the challenges for secure web services are
-
1
End to End Quality of Service and Protection
-
1
Availability of Service
-
1
Protection from Command Injection Attacks
-
1
Identity Management
To adequately support the needs of Web services-based applications, effective risk management and appropriate deployment of alternate countermeasures are essential. Defense-in-depth through security engineering, secure software development, and architecture risk analysis can provide the robustness and reliability required by these applications.
Chapter PDF
Similar content being viewed by others
References
Singhal, A., Winograd, T., Scarfone, K.: NIST Special Publication 800-95, Guide to Secure Web Services (August 2007), http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Singhal, A. (2008). Web Services Security: Techniques and Challenges (Extended Abstract). In: Atluri, V. (eds) Data and Applications Security XXII. DBSec 2008. Lecture Notes in Computer Science, vol 5094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70567-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-540-70567-3_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70566-6
Online ISBN: 978-3-540-70567-3
eBook Packages: Computer ScienceComputer Science (R0)