Scott Densmore leaves patterns & practices

I just noticed that Scott has posted his obituary on his blog. He leaves PAG and joins another team within Microsoft… Take a look at http://blogs.msdn.com/scottdensmore/comments/501362.aspx for more information… The good news is that over the last couple of years p&p has built an awesome dev team with the likes of Pete Provost and Brad Wilson…


Web service security – Threats and Countermeasures – Part 2 : Message Replay Protection

Threats: Messages may traverse untrusted intermediaries on an insecure network – any of whom could capture the message and resend the message to the service. A replayed message will often cause data inconsistencies (especially true of update operations). Vulnerabilities: Limited support for preventing replayed messages. Many replay caches do not support web farms – meaning that…


Web service security – Threats and Countermeasures – Introduction

I am starting a series of entries that aim to provide an overview of major threats related to web service security. My goal is to not only inform people of what some major threats are but also stimulate some discussion and pointers to other threats that people consider interesting. Before I start I have created…


Web service security – Threats and Countermeasures – Part 1 : Message Protection – Integrity and Confidentiality

Threats: Network eavesdropping leads to disclosure of confidential information. An attacker manipulates a message in transit, influencing the service’s behavior. Vulnerabilities: Lack of end to end encryption when sending SOAP messages. Lack of a digital signature to verify authenticity of a SOAP message. Countermeasures: Message Protection Design Patterns: Data Origin Authentication – See http://msdn.microsoft.com/practices/default.aspx?pull=/library/en-us/dnpag2/html/wss_ch2_intro.asp Data…


Everything you ever wanted to know about the Web service security UsernameToken

I am still getting used to the blogging tool – so figured I would try out creating an article. Knocked this little beauty up on UsernameTokens as I know that is something that has caused a lot of confusion in the past. http://blogs.msdn.com/thehoggblog/articles/504526.aspx


Web Service Security UsernameToken Primer

Challenge: A subject that I still see a lot of misunderstanding around is how best to use the UsernameToken when using a user id and password as the basis of authentication for a Web service. Recommendations: First and foremost ensure you are protecting password information in the database – preferably by hashing and salting the…


Web service security: Scenarios, Patterns and Implementations is live

The timing couldn’t have worked out any better if we had tried. We presented our Web Service Security: Scenarios, Patterns and Implementations guide for the first time ever at the patterns & practices summit today – and I just received word that the content has just gone live on MSDN. So, if you…
