Week 12 Takeaways

Reading Summary: Web Services

Web services is a tactic used to improve productivity in terms of increasing the speed and quality of information flow, as well as to make it easier for producers and consumers of information to locate each other and exchange value. The goal and the main approach of web services is the replacement of middleware protocols (i.e.: COBRA) with a vendor neutral services architecture that operates over HTTP. In addition, it provides the means to advertise the availability of component services and the pre-defined usage rules. As great and efficient as this approach sounds, there is a big concern regarding the security of web services. Organizations are vulnerable to various attacks ranging from reconnaissance, DoS, integrity attacks, bypassing of firewalls, etc. Moreover, XML web services are evolving as the building blocks for creating distributed integrated solutions across the Internet regardless of where they reside or how they were implemented. However, XML lacks support in terms of security within the initial version of standard. This threat results in concerns dealing with confidentiality and message integrity. However, organizations are being proactive and in the way of creating a standardized security framework for XML web services.

Question for the class:

Have you experienced a web service attack in your organization, and if so, how was it handled?

In the news:  “Thai government websites hit by denial-of-service attack”

Several Thai government websites have been hit by a suspected DDoS attack targeting the site of the ministry of information, communications and technology and the main government website of tahigov.go.th. This attack appeared to be a protest against the government’s plan to limit access to sites deemed inappropriate where thousands of people have signed a petition against the proposal known as the “Great Firewall of Thailand.”

For additional information regarding this article, please click here.