CABA Information Series

IS-2004-25: XML Web Services Security: Learning From Application Security Disasters

Adoption of Web Services technology promises potentially great benefits, but like most new technology adoption, there are also serious questions about new information security risks. This paper, written by John Sebes of Integral Security Consulting, presents methods for protecting data that is encoded in a database using XML, and transmitted using SOAP via the Internet. Recommendations are provided for data encryption, user authentication, validated code packets, and checking queries into a database.


(Adobe PDF File)