Re: SOA / Web Services security

[Petko Petkov <ppetkov () gnucitizen org>]

Hi sk00t,
Web Service Security is one of the gray areas in the computer security
industry. There aren't any good tutorials and information sources that
are showing practical examples how to break WS. Don't try to read
Hacking Exposed or any other book. I suggest to go and read W3 website,
mainly the SOAP, WSDL and XML-RPC sections. You also need to learn about
XSD and XSI.

You can check my website as well: http://www.gnucitizen.org. I will soon
put some practical examples on the topic.

Cheers!

sk00t wrote:
> Can someone on the list point me to some good links / books on SOA / Web Services security? This is a relatively new 
> area for me, so I'm not sure if any widely adopted standards exist yet... I'm working on a Forum implementation and 
> need to write some standards / templates for how we deploy SOAP apps.
>
>
>
> TIA,
>
> --sk00t
>
>