Monday, January 25, 2010

XML Threat and Trust Modeling and Testing

Understanding XML Threat and Trust models enables SOA testing and QA professionals to build robust test suites that verify functional, performance, interoperability and security profiles of Web services. SOA testing has to cover XML identity tokens, XML signature generation and verification, and XML encryption and decryption to establish trust. The test suites have to ensure that trust-based artifacts are scalable and interoperable. In addition to testing such trust-based artifacts, SOA testers have to ensure that the Web services have mitigation in place against threats such as SQL injection, denial-of-service attacks and malware carried over SOAP and XML traffic.
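As an added example (not code from this post or the linked article), here is one way to express the denial-of-service part of that threat model as a check a test suite can assert on: a streaming screen that rejects oversized, over-nested or DTD-bearing SOAP messages before they reach application code. The limits, the function name `screen_soap_message` and the sample messages are assumptions made for illustration.

```python
import xml.parsers.expat

# Limits are assumptions for this example; derive real ones from the service contract.
MAX_BYTES, MAX_DEPTH, MAX_ATTRS = 64 * 1024, 32, 16

# Constructed sample messages (not taken from any real service).
GOOD = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        b"<soap:Body><getQuote><symbol>ABC</symbol></getQuote></soap:Body>"
        b"</soap:Envelope>")
WITH_DTD = b'<!DOCTYPE x [<!ENTITY e "v">]>' + GOOD
TOO_DEEP = b"<a>" * (MAX_DEPTH + 1) + b"</a>" * (MAX_DEPTH + 1)
TOO_BIG = b"<a>" + b"x" * MAX_BYTES + b"</a>"


class ThreatRejected(Exception):
    """The message violates the structural threat policy."""


def screen_soap_message(raw: bytes) -> int:
    """Stream-parse raw; return the element count or raise ThreatRejected."""
    if len(raw) > MAX_BYTES:  # cheap check before any parsing work
        raise ThreatRejected("oversized message")
    state = {"depth": 0, "elements": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # SOAP forbids a DTD in messages; refusing it blocks entity expansion.
        raise ThreatRejected("DTD not allowed")

    def on_start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > MAX_DEPTH:
            raise ThreatRejected("nesting too deep")
        if len(attrs) > MAX_ATTRS:
            raise ThreatRejected("too many attributes")

    def on_end(name):
        state["depth"] -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(raw, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ThreatRejected(f"malformed XML: {exc}") from exc
    return state["elements"]
```

In a SOA test suite the same constructed messages would be sent to the service endpoint, with the test asserting that each hostile one produces a fault rather than being processed.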

Here is an article published on XML Threat and Trust Models:

XML Security Trust and Threat Models for Dummies
— It is very rare today to find a business application that has not exposed its interface via SOAP/XML. XML is the building block that enables business or consumer applications to exchange data in a standard structured format. The exchange of XML data typically takes place through a SOAP/XML interface based on the Web Services standard or through the REST-based standard. These flexible standards that richly describe interface functions of an application also introduce a host of XML and Web Services security vulnerabilities. This article is a quick start guide to the most common XML and Web Services security vulnerabilities and the two basic security models they follow.
Full Article: XML Security Trust and Threat Models for Dummies
