The concept of web services has become ubiquitous over the last few years. Frameworks are now available across many platforms and languages to greatly ease and expedite the development of web services, often with a vast amount of existing code reuse. Software companies are taking advantage of this by integrating this technology into their products giving increased power and interoperability to their customers. However, the power web services enables also introduces new risks to an environment. As with web applications, development has outpaced the understanding and mitigation of vulnerabilities that arise from this emerging technology. This presentation will first aim to identify the risks associated with web services. We will describe the existing security standards and technologies which target web services (i.e., WS-Security) including its history, pros and cons, and current status. Finally we will attempt to extrapolate the future of this space to determine what changes must be made going forward.
Praetorian's goal is to help our clients understand minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.