Enterprise Web Services Security
Learn to Protect Your Assets and Prevent Attacks!
The use of Web Services for Business-to-Business (B2B) and Business-to-Consumer (B2C) transactions has created risks that expose critical assets to increasingly greater threats. Enterprise Web Services Security provides the information developers, application architects, and security professionals need to build security policies and strategies from the ground up in a Web Services environment. Most security books focus on computer or network security in isolation, relegating the other areas to overview chapters or appendices. A single-system view of security, however, is not adequate to describe a distributed Web Services-based environment, because it forces the developer to piece together material from several resources in order to create secure Web sites and services. This book takes a holistic approach that mirrors the perspective developers need to take regardless of whether they are planning and implementing the security mechanisms for a Web Service, a Web site, or an enterprise. It details how to secure critical components such as workstations, servers, and networks; the goals behind an enterprise’s security policies; the policies an organization should have in place; and how to communicate those policies using the WS-Policy Framework and WS-SecurityPolicy. Various threats and attacks are also covered, as well as the identity management, authentication, authorization, access control, confidentiality, and integrity mechanisms needed to protect messages and transactions. Enterprise Web Services Security is the one book developers need to make all their security mechanisms work successfully to thwart attacks and protect assets.
Key Features!
- Teaches developers, application architects, and security professionals how to build security policies and select appropriate security mechanisms and strategies in a Web Services environment
- Covers the underlying protocols and technologies that form the Internet (TCP/IP, HTTP) and Web Services (XML, SOAP, WSDL, UDDI), and the major XML and Web Services standards that are the basis of implementing security in a Web Services environment
- Teaches how to implement and communicate security mechanisms using WS-Security, XML Encryption, XML Signature, SAML, and XACML
- Explores the importance of auditing at both the server and network level and how to create trust relationships and domains
- Explains how to implement security policies and mechanisms in both J2EE and .NET
- Includes a companion CD-ROM with all of the references, source code, and figures from the book (see Appendix B for more details)
ON THE CD
- Code Samples: Contains all of the XML listings from the book
- References: Provides hyperlinks for all the reference materials used in the book
- Worksheet: Includes a worksheet for deploying a Web Services system as described in the book
- Figures: Includes all of the figures from the book by chapter
SYSTEM REQUIREMENTS: Any Windows, Macintosh, or UNIX system that allows reading this CD-ROM and has the ability to view and display XML, text, PDF, and Microsoft Office files.
Review By: Rahul Khanna
03/20/2006
Authors Rickland Hollar and Rick Murphy demonstrate in "Enterprise Web Services Security" how to achieve secure Web services and enable a secure Web presence. They do a great job providing detailed guidance to a range of IT specialists, from students to network administrators. They take a bottom-up approach to illustrate what Web security really means. They also cover security necessities for hardware through the network’s backbone and how to implement XML-based security methodologies extended by Web services.
Any IT shop that desires to host Web applications--and Web services in particular--within a secure and reliable environment can benefit from reading this book. Through their discussions about strategy and tactics in designing robust architecture, both authors show they are clearly versed in Web applications and services engineering--particularly security implementation. This book is a tremendous reference guide, not only detailing security threats and countermeasures, but also providing insightful guidance for businesses. The authors break down cost-benefit ratios and the necessary steps to providing secure and reliable services.
The casual, discussion-style writing makes this book interesting to read, as though a peer is explaining practical solutions while sitting right next to you. I am working on a military project that involves integrating Web services that offer externalized security and discovery mechanisms with a contracting system for the Department of Defense. This book covers all the necessary aspects needed to successfully implement the solution my project intends to deliver. In fact, I recommend this book for engineers behind all Web applications, regardless of any plans to implement Web services.
This book contains the necessary guidance to secure Web systems for customers and end-users.
The authors also offer suggestions for quantifying the cost-benefit of implementing security measures at a network or application level and also for securing the hardware and the buildings where computers reside. The authors really define quality engineering, which is the basis for quality assurance; quality is assured by means of secure and reliable services provided to end-users of Web applications.