WEB SERVICES

The Technology & Its Security Concerns

Before Web Services

• Application-to-application integration was an
  issue which required a solution.
• Web Services act as a middle agent between
  two different applications.
Definition

• Deducing from the previous facts, we define a Web
  Service as one which provides a web API that
  enables two applications to communicate
  using XML over the web.
• Its architecture comprises different
  technologies which enable a client to obtain
  data from a server using the SOAP protocol.
Salient Features

• Operates on the server side.
• Performs a task when called by an
  application (client).
• Can be developed in any language.
• Can be deployed on any platform.
• Most importantly, it can be accessed by any
  application regardless of the language used to
  develop that application.
Building Blocks

• A Web Service is registered in a Web Service
  registry, the UDDI provider.
• It is a central directory containing all service
  descriptions.
• An application uses it to call the specific
  service it requires.
• A Web Service uses XML to communicate with
  other services or applications.
Web Service in action
Security Concerns

Three major attack methods found on Web
  Services are:

• Buffer Overflows
• XML Injections
• Session Hijacking
Security Concerns…

BUFFER OVERFLOWS

• Common effects include DoS, data
  corruption and malicious code execution.
• DoS attack: forcing a server to parse an
  abnormally long XML file.
• Another attack can be sending a block of data
  to an application which is stored in a buffer of
  insufficient size.
Security Concerns…

XML INJECTIONS

• Common effects include schema poisoning,
  data theft & deletion.
• SQL injection is a threat to the server if data is
  not validated.
• The schema file is used by the XML parser to interpret
  the XML’s grammar & structure. An attacker may
  damage or replace the original schema.
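The oversized-XML point from the buffer overflows slide and the validation and schema points from this slide, seen from the server side. This is an added example, not part of the original slides: it rejects over-long bodies before parsing, allow-lists the one input field, binds it into a parameterized query, and compares the schema file against a pinned digest. The `getBalance` operation, `accountId` element, `accounts` table, 64 KiB cap and schema text are assumptions made for illustration.

```python
import hashlib
import re
import sqlite3
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

MAX_BODY_BYTES = 64 * 1024   # assumed cap; larger bodies are rejected unparsed
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ACCOUNT_ID = re.compile(r"[A-Za-z0-9]{1,16}")   # allow-list for the input field

# Constructed schema text and the digest recorded for it at deploy time.
SAMPLE_SCHEMA = b'<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"/>'
PINNED_SHA256 = hashlib.sha256(SAMPLE_SCHEMA).hexdigest()


class RejectedRequest(Exception):
    """Raised when a request fails a check; the message is the reason."""


def schema_is_trusted(schema_bytes, pinned_sha256=PINNED_SHA256):
    """Detect a damaged or replaced schema file by comparing digests."""
    return hashlib.sha256(schema_bytes).hexdigest() == pinned_sha256


def extract_account_id(body):
    """Size-check, parse and validate a request; return the accountId."""
    if len(body) > MAX_BODY_BYTES:
        raise RejectedRequest("body too large")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise RejectedRequest("malformed XML") from exc
    node = root.find(f"{{{SOAP_NS}}}Body/getBalance/accountId")
    if node is None or node.text is None:
        raise RejectedRequest("missing accountId")
    value = node.text.strip()
    if not ACCOUNT_ID.fullmatch(value):
        raise RejectedRequest("accountId fails allow-list")
    return value


def lookup_balance(conn, account_id):
    """Parameterized query: the value is bound as data, never spliced into SQL."""
    row = conn.execute(
        "SELECT balance FROM accounts WHERE id = ?", (account_id,)
    ).fetchone()
    return None if row is None else row[0]


def handle_request(conn, body):
    """Return ("ok", balance) or ("rejected", reason) for one SOAP body."""
    try:
        account_id = extract_account_id(body)
    except RejectedRequest as exc:
        return ("rejected", str(exc))
    return ("ok", lookup_balance(conn, account_id))


def make_demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)", [("AC1001", 250), ("AC1002", 90)]
    )
    return conn


def envelope(account_id_text):
    """Build a constructed SOAP request carrying the given accountId text."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><getBalance>'
        f"<accountId>{escape(account_id_text)}</accountId>"
        "</getBalance></soap:Body></soap:Envelope>"
    ).encode("utf-8")


if __name__ == "__main__":
    db = make_demo_db()
    for text in ("AC1001", "AC1001' OR '1'='1", "A" * MAX_BODY_BYTES):
        print(handle_request(db, envelope(text)))
```

The size check runs on the raw bytes, so an abnormally long document costs the server one length comparison rather than a full parse.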
Security Concerns…

SESSION HIJACKING

• Common effects include obtaining user
  privileges within the network or application.
• An attacker can intercept SOAP messages &
  thus hijack a user’s session.
Conclusion

• Web services allow many technologies to
  collaborate & communicate with each other.
• Some tools developed to detect
  vulnerabilities & secure web applications
  include web vulnerability scanners, web
  services scanning tools, web service editors, etc.