"Security has the inherent nature of spanning many different layers of a Web Services system. Web Services vulnerabilities can be present in the operating system, the network, the database, the Web server, the application server, the XML parser, the Web Services implementation stack, the application code, the XML firewall, the Web Service monitoring or management appliance, or just about any other component in your Web Services system.
Therefore security testing, which is important for any software application, is even more crucial for Web Services. This article explores security issues specific to Web Services and illustrates the engineering and testing best practices required to ensure Web Service security throughout the Web Services development life cycle.
Step 1: Determine a Suitable Web Services Security Architecture
Transport Layer Security
Message Layer Security
Step 2: Adhere to Technology Standards
Step 3: Establish an Effective Web Services Testing Process
Step 4: Create & Maintain Reusable, Re-runnable Tests
Conclusion
Securing your Web Services is a vital aspect of ensuring a successful deployment. When deployed externally for consumption by partners or customers, only secure Web Services can provide a justifiable integration solution, because the benefits they expose should far outweigh the risks. The key to effective Web Services security is to know and be aware of the various types of security threats, understand the technical solutions for mitigating these threats, then establish and follow a defined engineering process that takes security into consideration from the beginning and throughout the Web Service lifecycle. By following the four steps outlined in this article, you can ensure complete Web Service security."
By: Dr. Adam Kolawa
Apr. 17, 2007 04:30 PM
[Full Article]