RSA Conference 2006

RSA Conference 2006 – Summary

Sorry for the late post, but I flew straight from RSA in San Jose to Sydney, Australia for the patterns & practices summit. I wanted to include a brief summary of the sessions that I was interested in…

Keynote: Bill Gates

Anyway, the conference opened with my boss…


Web service security – Threats and Countermeasures – Part 4 : Message Protection – Sign and Encrypt and Encrypt Signature!

Threats

Network eavesdropping leads to disclosure of confidential information even though the SOAP message body is encrypted.

Vulnerabilities

Many web service security platforms support signing and encrypting SOAP messages (see Threat 1 – Message Protection); however, what isn’t always obvious is that the XML signature created to verify data integrity is often sent in plain…


Web Service Security UsernameToken Primer

Challenge

A subject that I still see a lot of misunderstanding around is how best to use the UsernameToken when using a user id and password as the basis of authentication for a Web service.

Recommendations

First and foremost, ensure you are protecting password information in the database – preferably by hashing and salting the…
