<<As web applications increased in sophistication, potential exploits evolved in complexity as well. Here is a sampling of the threats that are often perpetrated against these applications:
SQL injection - where an attacker would append SQL statements to an entry in a web based form to take advantage of a possible coding flaw whereby the SQL statement would inadvertantly be executed. The SQL statement would then yield valuable information from the web application database. Cookie manipulation - the attacker manipulates parameters of an existing or harvested cookie to gain access and compromise a system Cross-site scripting where the server processes a malicious script, leading to web defacement, cookie harvesting or other generally bad stuff. Other threats that assail newer web applications include XML based attacks that target the applications ability to process malformed or non-conformant XML documents. How does one protect against these threats from an enterprise security perspective? Conducting regular security audits and building a "defense-in-depth" approach to your security architecture are important ingredients to any secure enterprise. It is important that security audits include code level inspection of your web application to ferret out command injection or buffer overflow vulnerabilities. However, specifically to web application security, one should supplement with XML inspection conducted either as part of an XML firewall or an IPS that has incorporates that capability. While doing the above will allow your security administrator to sleep easier at night, it doesn't necessarily mean that you're equipped to make the transition to securing your web services architecture.>> You can find this blog at: <http://www.ebizq.net/blogs/security_insider/2006/06/web_services_security_web_appl.php> Gervas ------------------------ Yahoo! Groups Sponsor --------------------~--> Protect your PC from spy ware with award winning anti spy technology. It's free. http://us.click.yahoo.com/97bhrC/LGxNAA/yQLSAA/NhFolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/service-orientated-architecture/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
