Web Services Security Assessment
Web Services are poised to revolutionize application development and how IT organizations operate, much the same way that client-server and web-based applications did in the past. They offer businesses a new, standardized way of integrating disparate applications and systems between suppliers, partners and customers. Gartner predicts that by 2007, web services will enable 80 percent of all hybrid IT utilities deployed by US companies.
Web services security is a major concern and stumbling block affecting widespread adoption. The existing traditional network security infrastructure is inadequate to satisfy the security needs that XML and web services present. Foundstone offers a comprehensive web services security assessment methodology to identify threats, vulnerabilities and risks associated with your organization's web services infrastructure.
Every customer and web service has unique network security requirements based on business needs and operational environment. The process begins by systematically identifying and documenting security needs. Threat modeling is performed next to help us recognize and prioritize potential threats. We then assess the security aspects of design and implementation (confidentiality, integrity, trust relationships, and authentication) using security standards like XML signatures, XML encryption, SAML and WS-Security.
The methodology looks for XML content-based attacks, next-generation web services attacks, and application infrastructure attacks like SQL injection and denial of service (DoS). Web services security offerings include:
- Threat modeling
- Black box assessments
- White box assessments
- Perimeter product reviews (XML firewalls)
- Architecture reviews
Web Services Threats
- XML Content attacks
  - Coercive Parsing
  - External entity
  - Parameter tampering
  - (XPATH / XQUERY)
  - Recursive payload
  - Oversized payload
- Web Services attacks
  - WSDL scanning
  - Schema poisoning
- Infrastructure attacks
  - Information Enumeration
  - Authentication/Authorization
  - Input validation (SQL / XSS)
  - Error handling
  - Web server / network layer

