Case Study: Vordel and Oracle present Best Practice Architecture for SOA - Five case study examples
Security must be applied to an SOA
This means:

  • Policies must be defined (Design Time)
      • Control who can access the service
      • Control how the service must behave
  • Policies must be enforced (Runtime)
      • Via Gateways (on the network)
      • And via Agents (at the Services themselves)

Case Notes from a Vulnerability Assessment of a Bank’s Web Services

  1. What happened when a Bank allowed security experts to try to breach the protection of its Web Services
  2. How a vulnerability assessment of a bank's Web Services was undertaken.
  3. Established attack vectors are applied to the Web Services paradigm.
  4. The battery of tests is described and the uncovered vulnerabilities are analyzed.

Security for AJAX and Web 2.0 [RSA Conference 2007]

  1. What is Web 2.0?
  2. Applying security to Web 2.0
  3. How is XML security relevant for Web 2.0?

Security for REST Web Services [RSA 2006, San Jose]

  1. What is "REST" anyway? How is it different from SOAP?
  2. Applying security to REST
  3. Reference architecture to protect both REST and SOAP

Mapping Security to an SOA [RSA 2005, San Francisco]

  1. What is a “Services Oriented Architecture”?
  2. How do you go about creating a “Services Oriented Architecture”?
  3. Just how important are XML and SOAP for a Services Oriented Architecture?