Hacking Web Services

Web Services are an integral part of next generation Web applications. The development and use of these services is growing at an incredible rate, and so too are the security issues surrounding them. Hacking Web Services is a practical guide for understanding Web services security and assessment methodologies. Written for intermediate-to-advanced security professionals and developers, the book provides an in-depth look at new concepts and tools used for Web services security. Beginning with a brief introduction to Web services technologies, the book discusses Web services assessment methodology, WSDL — an XML format describing Web services as a set of endpoints operating on SOAP messages containing information — and the need for secure coding. Various development issues and open source technologies used to secure and harden applications offering Web services are also covered. Throughout the book, detailed case studies, real-life demonstrations, and a variety of tips and techniques are used to teach developers how to write tools for Web services. If you are responsible for securing your company's Web services, this is a must read resource!

Web Services are an integral part of next generation Web applications. The development and use of these services is growing at an incredible rate, and so too are the security issues surrounding them. Hacking Web Services is a practical guide for understanding Web services security and assessment methodologies. Written for intermediate-to-advanced security professionals and developers, the book provides an in-depth look at new concepts and tools used for Web services security. Beginning with a brief introduction to Web services technologies, the book discusses Web services assessment methodology, WSDL -- an XML format describing Web services as a set of endpoints operating on SOAP messages containing information -- and the need for secure coding. Various development issues and open source technologies used to secure and harden applications offering Web services are also covered. Throughout the book, detailed case studies, real-life demonstrations, and a variety of tips and techniques are used to teach developers how to write tools for Web services. If you are responsible for securing your company s Web services, this is a must read resource!

Shreeraj Shah, B.E., MSCS, MBA, is a co-founder of Blueinfy and SecurityExposure, companies that provide application security and On Demand Scanning services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank, and IBM in information security. Shreeraj has played an instrumental role in product development, researching new methodologies, and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments, security architecture reviews, and managing projects (Products/Services). He is the author of Web 2.0 Security (Cengage Learning, 2007), Hacking Web Services (Thomson Learning, 2006), and Web Hacking: Attacks and Defense (Addison-Wesley, 2002). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA, and OWASP. His articles are regularly published on Securityfocus, InformIT, DevX, O'reilly, and HNS. His work has been quoted on BBC, Dark Reading, and Bank Technology as an expert.