In Helsinki, giving the second day of my Web services security training session. I am also speaking tonight at OWASP Helsinki on Web services security. Since it is an OWASP Meeting, the presentation is a top ten list for Web services security issues (please note - NOT an official OWASP Top Ten list).
Issue 1. You're not spending enough on app security
Issue 2. Know your standards
Issue 3. Use message level security
Issue 4. Use longer keys
Issue 5. Validate input
Issue 6. Avoid naive sign and encrypt
Issue 7. Scan your stuff before someone else does
Issue 8. Look out for XDoS
Issue 9. Implement a XSG
Issue 10. Reliability is cool (WS-RM)
Comments