1 Raindrop: WS-GameOver: 72% of ESBs using weak web services security?

Blogroll

Adding Simplicity - An Engineering Mantra
Adventures of an Eternal Optimist
afongen
Andre Durand
Andy Steingruebl
Anton Chuvakin
Arnon Rotem-Gal-Oz's Cirrus Minor
Beyond the Beyond
Burton Group Identity Blog
cat slave diary
Ceci n'est pas un Bob
cgisecurity
ConnectID
Cryptosmith
Diggings
Don Park's Daily Habit - Recent Posts
Emergent Chaos: Musings from Adam Shostack on security, privacy, and economics
Enterprise Integration Patterns: Gregor's Ramblings
Eric Newcomer
Financial Cryptography
Global Guerrillas
infosec daily: blogs
James Kobielus
James McGovern
Johan Peeters
John Hagel
Justice League [Cigital]
Kim Cameron's Identity Weblog
Krypted - Charles Edge's Notes from the Field
Light Blue Touchpaper
MAKE: Blog
Mark Curphey - SecurityBuddha.com
Mark O'Neill
Matasano Chargen
Michael Howard's Web Log
O'Reilly Radar
Off by On
ongoing
Patrick Harding
Perilocity
Pushing String
Rational Survivability
rdist: setuid just for you
Rich Salz
RiskAnalys.is
Ross Mayfield's Weblog
Rudy Rucker
Spire Security Viewpoint
TaoSecurity
The Identity Corner
The New School of Information Security
Thomas P.M. Barnett :: Weblog
Windley's Technometria
WorldChanging: Tools, Models and Ideas for Building a Bright Green Future
zenpundit

Blog powered by TypePad

« Whatever happened to give 'em enough eyes? | Main | Global security matrix »

WS-GameOver: 72% of ESBs using weak web services security?

Johannes Ernst points to a study on the primary security mechanism that organizations use to connect web services to their ESB:

WS-Security: 28%
Custom XML tags: 31%
HTTP Basic AuthN: 27%
No security: 14%

Don Smith points out that the Message is the King and the contract is the queen. It would appear that 28% of organizations take some measures to protect their king. If your opponent is any good at chess this is WS-GameOver.

October 25, 2006 in Security, Security Metrics, SOA, Software Architecture, Web Services | Permalink

Comments

The comments to this entry are closed.

SOS: Service Oriented Security

Logging in the Age of Web Services
Service-Oriented Security Indications for Use
The Economics of Finding and Fixing Vulnerabilities in Distributed Systems
Silver Bullet Security Podcast
Web Services Security Checklist
SOA Security Roundtable Transcript
Security in SOA - It's the Car, Not the Garage
Companies Must Update Thinking About Security Spending
Webcast: Dealing with Security in an SOA World
Security Architecture Overhaul
CAPEC - Attack Patterns
Security Architecture Blueprint
Security Metrics for OWASP Top 10
XML Security Gateway Evaluation Criteria
MetriCon 1.0 Notes

1 Raindrop

Gunnar Peterson's loosely coupled thoughts on distributed systems, security, and software that runs on them.

Recent Posts

Blogroll

WS-GameOver: 72% of ESBs using weak web services security?

Comments

SOS: Service Oriented Security

Archives