WebApp Sec: Re: need help with Web Services security

Re: need help with Web Services security

From: Steve Shah <sshah_at_planetoid.org>
Date: Mon, 5 Apr 2004 20:27:54 -0700

Hi Tal,

> I'm trying to find the best way to secure Web Services which will run on
> .NET and Websphere 5.
>
> I need a secure authentication between the applications, integrity and
> confidentiality of the messages.
>
> I know the WS-Security recommendations, but I need something more accurate
> that is supported by the two platforms above.
>
> I'm currently thinking about using a Kerberos server (as for Kerberos
> tickets) and SSL-2.

Keep it simple. If it is a B2B application, consider SSL with client
side certificates and authenticated access. Authentication should be
standards based on HTTP (e.g. Digest Auth). This will give you the
maximum flexibility in terms of available tools and interoperability
in the future.

HTTP and SSL also give you the benefit of a lot of acceleration
options in the future. (e.g. SSL acceleration, TCP offload, etc.)

Cheers,
-Steve

-- 
Steve Shah
sshah@planetoid.org - http://www.planetoid.org/
Beating code into submission, one OS at a time...
Received on Apr 06 2004
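
The setup recommended in the reply above (SSL with client-side certificates plus HTTP Digest authentication), as an added sketch that is not part of the original post. It assumes Python on the server side; the function names and the `nonce_state` table are hypothetical, and the sample request uses the example values from RFC 2617 section 3.5.

```python
import hashlib
import hmac
import ssl

def mtls_server_context(ca_file=None, cert_file=None, key_file=None):
    """TLS server context that refuses clients without a trusted certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    if ca_file:   # trust only the CA that issues partner certificates
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for qop=auth."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def verify_digest(fields, method, password, nonce_state):
    """fields: parsed Authorization header; nonce_state: nonce -> last nc seen."""
    try:
        nc = int(fields["nc"], 16)
        last = nonce_state[fields["nonce"]]  # KeyError: nonce was not issued by us
        if fields["qop"] != "auth" or nc <= last:  # nc must increase (replay check)
            return False
        expected = digest_response(fields["username"], fields["realm"], password,
                                   method, fields["uri"], fields["nonce"],
                                   fields["nc"], fields["cnonce"])
        ok = hmac.compare_digest(expected.encode(), fields["response"].encode())
    except (KeyError, ValueError):
        return False
    if ok:
        nonce_state[fields["nonce"]] = nc
    return ok

# Sample request: values from the RFC 2617 section 3.5 example, not real traffic.
SAMPLE = {"username": "Mufasa", "realm": "testrealm@host.com", "qop": "auth",
          "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
          "nc": "00000001", "cnonce": "0a4f113b",
          "response": "6629fae49393a05397450978507c4ef1"}

if __name__ == "__main__":
    state = {SAMPLE["nonce"]: 0}
    print(verify_digest(SAMPLE, "GET", "Circle Of Life", state))  # first use
    print(verify_digest(SAMPLE, "GET", "Circle Of Life", state))  # replayed nc
```

Digest here only authenticates the caller; confidentiality and integrity of the messages come from the TLS layer underneath it.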