Synopses & Reviews
Web Services are an integral part of next-generation Web applications. The development and use of these services is growing at an incredible rate, and so too are the security issues surrounding them. Hacking Web Services is a practical guide for understanding Web services security and assessment methodologies. Written for intermediate-to-advanced security professionals and developers, the book provides an in-depth look at new concepts and tools used for Web services security. Beginning with a brief introduction to Web services technologies, the book discusses Web services assessment methodology, WSDL -- an XML format describing Web services as a set of endpoints operating on SOAP messages containing information -- and the need for secure coding. Various development issues and open source technologies used to secure and harden applications offering Web services are also covered. Throughout the book, detailed case studies, real-life demonstrations, and a variety of tips and techniques are used to teach developers how to write tools for Web services. If you are responsible for securing your company's Web services, this is a must-read resource!
Hacking Web Services takes an in-depth look at new concepts, theories, and tools and provides various Web services assessment methodologies from various perspectives. Beginning with a brief introduction to Web services technologies, this book discusses Web services assessment methodology, WSDL -- a major source of information -- the need for secure coding, various development issues, and open source technologies to secure and harden applications offering Web services. A complete practical guide for Web services security and assessment methodology, the book offers the reader an insight into some of the more critical and challenging security issues of Web services development. Detailed case studies and real-life demonstrations drive home this point.
About the Author
Shreeraj Shah, B.E., MSCS, MBA, is a co-founder of Blueinfy and SecurityExposure, companies that provide application security and On Demand Scanning services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank, and IBM in information security. Shreeraj has played an instrumental role in product development, researching new methodologies, and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments, security architecture reviews, and managing projects (Products/Services). He is the author of Web 2.0 Security (Cengage Learning, 2007), Hacking Web Services (Thomson Learning, 2006), and Web Hacking: Attacks and Defense (Addison-Wesley, 2002). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA, and OWASP. His articles are regularly published on Securityfocus, InformIT, DevX, O'Reilly, and HNS. He has been quoted as an expert by BBC, Dark Reading, and Bank Technology.
Table of Contents
Preface
Section 1: Basics of Web services and security threats
Chapter 1: Evolution of Web applications and the role of Web services
Chapter 2: Web services components
Chapter 3: Threat framework for Web services
Chapter 4: Set of technologies for Web services
Section 2: Web Services Security Assessment (Hacking)
Chapter 5: Web services assessment methodology and approaches
Chapter 6: Footprinting, Discover, and Public Search
Chapter 7: Web Services Enumeration, Profiling, and Invoking
Chapter 8: Web Services Attack Vectors and Threats
Section 3: Web Services Security framework
Chapter 9: Web services defense by deployment on different platforms
Chapter 10: Open source tools and products
Chapter 11: Secure coding for Web services
Chapter 12: Developing tools for Web services attacks and defense
Section 4: Exhibits