Difference between revisions of "Web Services Cheat Sheet"
From OWASP
m (moved Web Service Cheat Sheet to Web Services Cheat Sheet) |
|||
| Line 1: | Line 1: | ||
= Introduction = | = Introduction = | ||
| + | |||
| + | This article is focused on providing guidance to securing web services and preventing web services related attacks. | ||
== Transport Confidentiality == | == Transport Confidentiality == | ||
| + | |||
| + | All communication between web services and their clients must be encrypted using | ||
| + | |||
== Transport Authentication == | == Transport Authentication == | ||
== Transport Encoding == | == Transport Encoding == | ||
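Review bot: the sentence added under Transport Confidentiality stops at "must be encrypted using" and never names the mechanism, so as shown here the requirement cannot be acted on; finish the sentence with the intended protocol before saving. Transport Authentication and Transport Encoding remain empty headings in this revision, and the new introduction line would read better as "guidance on securing web services".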
Revision as of 00:52, 15 August 2011
- 1 Introduction
- 1.1 Transport Confidentiality
- 1.2 Transport Authentication
- 1.3 Transport Encoding
- 1.4 Message Authentication
- 1.5 Message Integrity
- 1.6 Message Confidentiality
- 1.7 Authorization
- 1.8 Schema Validation
- 1.9 Content Validation
- 1.10 Output Encoding
- 1.11 Virus Protection
- 1.12 Message Size
- 1.13 Message Throughput
- 1.14 Identity, key, cert, provisioning
- 1.15 Endpoint Security Profile
- 1.16 Audit Logging
- 1.17 Software Engineering Assurance
- 1.18 XML Denial of Service Protection
- 1.19 Testing
Introduction
This article provides guidance on securing web services and preventing web-services-related attacks.
Transport Confidentiality
All communication between web services and their clients must be encrypted using