| (12 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| − | = ACTIVE WORK IN PROGRESS AUGUST 2011 =
| + | Moved to [[Web Service Security Cheat Sheet]]. |
| − | | |
| − | = Introduction =
| |
| − | | |
| − | This article is focused on providing guidance to securing web services and preventing web services related attacks.
| |
| − | | |
| − | == Transport Confidentiality ==
| |
| − | | |
| − | All communication between web services and their clients must be encrypted using
| |
| − | | |
| − | == Transport Authentication ==
| |
| − | == Transport Encoding ==
| |
| − | == Message Authentication ==
| |
| − | == Message Integrity ==
| |
| − | == Message Confidentiality ==
| |
| − | == Authorization ==
| |
| − | | |
| − | Depending on the functionality. A web service should authorize its clients whether they have access to the method in question. This can be done using one of the following methods:
| |
| − | | |
| − | - Having clients to authorize to the web service using username and password
| |
| − | - Having clients to authorize to the web service using client certificates
| |
| − | | |
| − | == Schema Validation ==
| |
| − | | |
| − | Web services must validate SOAP payloads against the web service schema | |
| − | | |
| − | == Content Validation ==
| |
| − | == Output Encoding ==
| |
| − | == Virus Protection ==
| |
| − | == Message Size ==
| |
| − | == Message Throughput ==
| |
| − | == Identity, key, cert, provisioning ==
| |
| − | == Endpoint Security Profile ==
| |
| − | == Audit Logging ==
| |
| − | == Software Engineering Assurance ==
| |
| − | == XML Denial of Service Protection ==
| |
| − | == Testing ==
| |
| − | | |
| − | {{Cheatsheet_Navigation}}
| |
| − | | |
| − | | |
| − | [[Category:Cheatsheets]]
| |
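Review bot: the replacement line "Moved to [[Web Service Security Cheat Sheet]]." leaves a stub page rather than a redirect, so readers and incoming links to this title will land on a one-line page instead of the new cheat sheet; use `#REDIRECT [[Web Service Security Cheat Sheet]]` as the page content so MediaWiki forwards them automatically. The hunk also drops `{{Cheatsheet_Navigation}}` and `[[Category:Cheatsheets]]`, which is fine for a redirect but means this title no longer appears in the cheat-sheet category, so confirm the target page carries both. Since the diff only shows the draft being deleted, it is worth checking that the sections with actual text (the Transport Confidentiality sentence that ends mid-phrase at "must be encrypted using", the Authorization list, and the Schema Validation line) were carried over to the new page before this one was blanked.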
Latest revision as of 23:18, 9 September 2011
Moved to Web Service Security Cheat Sheet.