I attended the RSA Security Conference last year and was surprised not to see better guidance on securing web services. This, combined with the challenges I observed as a member of the WS-I Basic Security Profile Sample Application's team, inspired our team to create a comprehensive guide on securing web services.

Frederick Chong and I are going to be presenting an overview of our guidance at the RSA Security Conference in San Jose in February. The conference is in San Jose this February 15th. The presentation is going to include:

  • A high-level overview of web security and associated benefits and challenges
  • Review of core application scenarios
  • Review of guidance matrixes to help you determine how best to secure your own web services
  • Practical demonstration of threats, vulnerabilities and countermeasures related to:
    • Data confidentiality
    • Data encryption
    • Message replay protection
    • Data validation
    • Deploying services for external consumption
  • And a brief review of advanced scenarios such as federation

We would also be very interested in hearing from you to see what else you would expect to cover... so please add notes if you have any suggestions. We hope to see you there...

For more information see: