OWASP Web Services Project
How OWASP can become the leading destination for “Web Service Application Security”

OWASP AppSec DC, October 2005
Alex Smolen, OWASP So Cal Chapter

Copyright © 2005 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.
The OWASP Foundation, http://www.owasp.org/

What are web services?
  - Web applications vs. web services
  - Examples of web services
  - Why web services?

Web Service Security
  - Transport Layer
      - SSL
  - Message Layer
      - WS-Security
      - XML Encryption, XML Signature, SAML,…
      - WS-*
  - Application Layer
      - OWASP Top Ten +

Additional Application Threats to Web Services
  - Parser Attacks
      - XML Bombs
      - External Entities
  - Backend Attacks
      - XPath, XQuery
      - XML Injection
  - Logical Attacks

Web Service Security Resources
  - OASIS
  - Microsoft, IBM, Sun, etc…
  - Books, blogs, articles
  - Why OWASP?

Current Projects
  - WebGoat 3.7
  - OWASP Guide
  - OWASP Testing Guide

Additional Ideas
  - WebScarab
  - Web service security landing page
  - FAQ
  - Tools for web service developers (?)

How You Can Help
  - Learn about Web Service Security
  - Join OWASP Web Services Mailing List
  - Work on OWASP Web Services Project Charter
  - Contribute to OWASP Web Services Projects
  - Contact me ([email protected], [email protected])