CSI 33 Orlando

I like the fact that Orlando Airport offers a free wireless connection and that I am able to make this blog entry in front of Terminal 73 while I wait for my flight back to Boston.

CSI 33 is a Computer Security Conference where security professional gather to stay current with IT security related issues. This is my second CSI and just by the attendance at my talk, I can see the rapidly increasing interest amongst Security Professional in testing, discovering and remediating SOA security related issues. CSI 33 had an entire Web Service Track with four sessions around SOA Security and Threat related issues. I chose to present under the Attacks and Countermeasures track and was pleasantly surprised that the room was almost packed for an early morning session. I was also impressed by the level of questions coming in from the audience. One individual from Salesforce.com was focused on security issues for the web services based AppExchange interface with over 400 third party applications developed against their API.

More so than ever, I believe that Web Services & SOA security is something security professionals are not just aware of, but now see as their responsibility. Security Professionals are making great strides in understanding the nuances of web services security and how it is a logical extension of their domain given that they are already dealing with application security issues within HTTP(S), HTML, Cookies and the HTTP header in general. Now they have to go deeper in the SOAP packets and make sure that the back end systems are tested and secured for SOAP-borne vulnerabilities.