Hi Simon
My name is Simon and I am a student at the KTH in Stockholm/Sweden.
Right now I am doing a little thesis work with the topic "Security
Framework for Web-Services". During my research I found the synapse tool
and it really totally fits my needs.
Cool.. glad to hear that!
Here is what I plan to do:
-Using Synapse for applying WS-Security standards to messages (Digital
Signature, Encryption, ..)
-Using Synapse to filter out dangerous parts of messages to apply
Application Security
While the first part, concerning the network layer security, is based on
mature methods and technologies, it is only about applying the standards
to the message. The second part however, concerning the application layer
security, needs some further research about common attacks on
web-services.
Until now I thought about filtering ' to prevent a SQL Injection or to
filter/annotate HTML tags, to prevent code injection. As you can see
this part is still a bit fuzzy.
I am not familiar with this area, but I do not think typical "web
services" expose themselves for SQL injection or HTML within the
payloads etc.. Do you have any concrete evidence related to this to
select this area?
Do any of you have some more ideas about that?
You could also join the Apache Rampart mailing lists where the
WS-Security experts hang in, and get their views which should be more
useful to you..
I also appreciate ideas about the other parts and the whole project!
I am not sure how much time you could afford to keep looking at Synapse
during your studies, but if you are interested to contribute to the
project and/or get involved with say a GSoC project etc, let us know
cheers
asankha
--
Asankha C. Perera
AdroitLogic, http://adroitlogic.org
http://esbmagic.blogspot.com