Web Application Security
This site discusses some of the risks associated with using Web Services, particularly with respect to security. It details potential threats and best practices to mitigate these risks.
Introduction to YginSaf – Web Application Security
Even though Web Services standards are only a few years old, the rapid ratification by standards bodies and the committed support by major vendors are unprecedented. Companies and government agencies have been rushing in, with many projects already in production. Security, however, continues to be the leading issue and the top investment area for companies enabling Web Services. Is there a reason for this? Can existing technologies plug the security holes created by Web Services? Are the risks the same for internal and external Web Services? Are the dangers and risks more or less than with existing technologies? The benefits and ease of use make the adoption of Web Services a foregone conclusion. The real question that enterprises must ask themselves when adopting Web Services is: what are the reasonable and cost-effective steps to mitigate the risks of Web Services to an acceptable level for your organization?
What are Web Services
Web Services are a new set of standards and technologies that are making a very significant impact on IT organizations. Web Services usage is predicted to increase rapidly in the next few years through a combination of grassroots development and top-down IT initiatives such as Service-Oriented Architecture (SOA).
There are many definitions of Web Services. Web Services are often described as the set of standards used to provide cross-platform, language-independent application communication. They are based on XML standards and are often described as consisting of three main standards: SOAP (Simple Object Access Protocol), WSDL (Web Services Description Language) and UDDI (Universal Description, Discovery and Integration). SOAP, WSDL and UDDI are standards for connecting nearly any type of application. There are many supplemental standards in various stages of adoption, such as WS-Security, SAML and XKMS. Many of these are in flux, with further iterations being developed.
Web Services operate at the application layer in the OSI stack and are designed to tunnel through port 80 and port 443. Nearly every software vendor has announced support for Web Services standards, including packaged application vendors such as SAP and PeopleSoft, database vendors like Oracle and Sybase, and desktop application vendors such as Microsoft. Even legacy mainframe systems have Web Services adapters.
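Because SOAP traffic shares port 80 and port 443 with ordinary web traffic, a port-based filter cannot tell the two apart; the distinction has to be made at the application layer. The following is an added example, not code from the original page: `classify_request` is a hypothetical helper, and the hosts, paths and operation names in the sample requests are constructed.

```python
import xml.etree.ElementTree as ET

# Envelope namespaces that identify SOAP 1.1 and SOAP 1.2 messages.
SOAP_NS = {
    "http://schemas.xmlsoap.org/soap/envelope/": "1.1",
    "http://www.w3.org/2003/05/soap-envelope": "1.2",
}

def classify_request(raw: bytes) -> dict:
    """Classify one raw HTTP request as SOAP or not from its content, not its port."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {n.strip().lower(): v.strip()
               for n, _, v in (l.partition(":") for l in lines[1:])}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    result = {"soap": False, "version": None, "operation": None, "reason": ""}
    if ctype not in ("text/xml", "application/soap+xml"):
        result["reason"] = "not an XML content type"
        return result
    # SOAP forbids a DTD; refusing one unparsed also avoids entity-expansion input.
    # NUL bytes indicate UTF-16/32, which would hide a DTD from this byte check.
    if b"<!DOCTYPE" in body or b"\x00" in body:
        result["reason"] = "DTD or non-UTF-8 body, rejected unparsed"
        return result
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        result["reason"] = "malformed XML"
        return result
    ns, _, local = root.tag[1:].partition("}") if root.tag.startswith("{") else ("", "", root.tag)
    if local != "Envelope" or ns not in SOAP_NS:
        result["reason"] = "XML but not a SOAP envelope"
        return result
    soap_body = root.find("{%s}Body" % ns)
    first = soap_body[0] if soap_body is not None and len(soap_body) else None
    result.update(soap=True, version=SOAP_NS[ns], reason="SOAP envelope",
                  operation=first.tag.rpartition("}")[2] if first is not None else None)
    return result

# Constructed sample requests; all three would arrive on the same port.
SAMPLES = {
    "form": b"POST /login HTTP/1.1\r\nHost: app.example\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nuser=a&pw=b",
    "soap11": b'POST /svc HTTP/1.1\r\nHost: app.example\r\nContent-Type: text/xml; charset=utf-8\r\nSOAPAction: "urn:GetQuote"\r\n\r\n'
              b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetQuote xmlns="urn:example"><sym>X</sym></GetQuote></s:Body></s:Envelope>',
    "dtd": b'POST /svc HTTP/1.1\r\nContent-Type: text/xml\r\n\r\n<!DOCTYPE x [<!ENTITY a "b">]><x>&a;</x>',
}
```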