Speaking about REST and Web Services Security in Waltham tomorrow
Tomorrow, Wednesday 6th July, I'm speaking at on the topic of "REST and Web Services Security" at OWASP Boston at the Microsoft offices in Waltham.
Here is the flyer for tomorrow's session:
Web Services are usually associated with the “triumvirate” of SOAP, WSDL, and UDDI. However, over the past 18 months, REST Web Services have enjoyed increasing popularity. Although the theory surrounding REST (REpresentational State Transfer) is complex, the practice is simple: use long-established Web technologies instead of SOAP. REST Web Services are addressed using HTTP GETs and POSTs to send and receive plain-XML (as opposed to SOAP) documents to URLs. The so-called “mega Web Services” offered by Google, Amazon, and Yahoo! all feature REST interfaces which have proven to be very popular amongst developers, especially when compared to their SOAP-based equivalents. Clearly, REST Web Services have much in common with Web applications, but there are also important differences (for example, cookies have no place in the REST architecture).
In this talk, we examine the security implications of REST. We ask a number of questions:
- Can Web Application Security techniques adequately protect REST Web Services?
- Since REST Web Services cannot use WS-Security, does that mean they are insecure?
- What security guidelines can you offer to developers who are using REST Web Services?
- What do XML security vendors do to protect REST Web Services?
All attendees will get free Web Services Security wallcharts
Pizza will be provided by Vordel.
7:55:49 PM 
|
|
