At the OWASP AppSec conference in Leuven, the participants in my SOA, Web Services, and XML Security class and I built this set of security metrics for measuring security in a Web Services environment.
The base case includes a Distributor's Enterprise Service Bus (ESB) that brokers services between a manufacturer Web Service client and a set of supplier Web Services providers.
The metrics map examines specific metrics for an XML Security Gateway, a Security Token Server (STS), the ESB, the system, and services. This is not a complete set, but it addresses many areas where commercial systems are blind.