Week 12 Reading Summary and in the News
Web Services Security – An Overview:
Web services allow complex applications to present their information in a simpler manner via common processes such as HTTP or HTTPS. The most common web service vocabularies are SOAP, WSDL and UDDI which enable the communication required to present the information. This technology provides the next phase of evolution, but does come with challenges and risks. There are a wide array of attack vectors which unprotected web services are vulnerable to such as,: Reconnaissance, Denial of Service, Integrity Attacks, Firewall Bypassing, Unintended software interactions, and immaturity of the Platform. Fortunately, several countermeasures have evolved to counter these attacks such as,: Enforce Trust Relationships, Encrypt Transport Links, Engineer Secure Components, Perform Regular Tests on Components, Reconcile WSDL Specs with Actual Operation, Use HTTP Proxy Filters, and Configuration Management.
In the NEWS: http://www.databreachtoday.eu/hackers-claim-fbi-portal-breached-a-8667
A group of hackers claims to have breached an FBI information-sharing portal and gained access to numerous sensitive systems, including records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.