Security Information and Review

Collection of security information and review

Security Challenges of the Web Application Service

Author : Admin

An enterprise web application service can be configured and used in many ways. See Introduction and Guide How to Build Web Application Service for more about the ways that can be used to provide web application services. In this discussion, we give more attention to the security of web application services. Each way of building web application services has its own unique security challenges, whichever way we take to build them.


The web application service provides sensitive or restricted information, so how can we make the web application service more secure? Organizations such as Web Services Interoperability (WSI) identify a number of specific types of security attacks that web services providers must take into consideration.






The first main web services threat is unauthorized access. Web application services contain sensitive information, so weak authentication and authorization can be exploited to gain unauthorized access to that information. What is the solution to this threat? We must ensure that users and services are who they claim to be, and that users only have access to the services and data they are permitted to have. To prevent unauthorized access to the web application services, we can use password digests, Kerberos tickets and X.509 certificates in the SOAP header for authentication. Another way to prevent unauthorized access is to use Windows authentication and role-based authorization to restrict access to web application services.
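
One way a service could check the password digest mentioned above, as an added example that is not code from the original post: it assumes the WS-Security UsernameToken form, where the digest is Base64(SHA-1(nonce + created + password)), and adds freshness and replay checks. `verify_token`, `lookup_password`, the five-minute window and the sample account are constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window for the Created timestamp
SEEN_NONCES = set()             # in-memory replay cache; a real service needs a shared store with expiry


def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)), nonce being the decoded bytes."""
    raw = base64.b64decode(nonce_b64, validate=True) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def verify_token(username, nonce_b64, created, digest, lookup_password, now=None):
    """Return (ok, reason). lookup_password is a hypothetical callable: username -> password or None."""
    now = now or datetime.now(timezone.utc)
    try:
        ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        # Unknown users still get a digest computed, so both failure paths do the same work.
        expected = password_digest(nonce_b64, created, lookup_password(username) or "")
    except ValueError:  # bad timestamp or bad base64 (binascii.Error is a ValueError)
        return False, "malformed token"
    if abs(now - ts) > MAX_AGE:
        return False, "stale timestamp"
    known = lookup_password(username) is not None
    if not (hmac.compare_digest(expected.encode(), digest.encode()) and known):
        return False, "bad credentials"
    if (username, nonce_b64) in SEEN_NONCES:
        return False, "replayed nonce"
    SEEN_NONCES.add((username, nonce_b64))
    return True, "ok"


if __name__ == "__main__":
    users = {"alice": "correct horse"}  # constructed sample account
    created = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    nonce = base64.b64encode(b"constructed-nonce-01").decode()
    token = ("alice", nonce, created, password_digest(nonce, created, "correct horse"))
    print(verify_token(*token, users.get))  # first use
    print(verify_token(*token, users.get))  # same token captured and resent
```

The digest keeps the password itself off the wire but does not protect the rest of the message, so it is still sent over an encrypted transport. The server also needs the password itself to recompute the digest.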


The second main web services threat is parameter manipulation. With parameter manipulation, an attacker modifies the data sent between the web services client and the web service server. Messages that are not digitally signed and not encrypted are an example of this vulnerability. As countermeasures, we can digitally sign the message to detect tampering and encrypt the message payload to provide privacy.






The third main web services threat is network eavesdropping. With this threat, an attacker can view web services messages, which may include sensitive application data or credential information. How does an attacker view web services messages? An attacker can use network monitoring software, such as tcpdump, Ethereal and others, to retrieve sensitive application data. The best solution to prevent this threat is to use transport-level encryption such as SSL or IPSec. We can find more information at Hardening Web Application Security with SSL.






Mohamad Widodo

Categories: Web Application Security