Today’s global Internet environment is a muddled mix of different operating systems utilising different technologies and different protocols. This mixture creates significant barriers for applications to communicate with each other. In order to overcome these barriers, applications need to understand each other’s protocols, security measures and language. Web services technology was created in order to accomplish this. It uses XML technology that allows applications to invoke application calls with one another. This format was designed to pass existing security measures, to be platform-independent, and to support any application call structure.
The advent of Web services has created an opportunity for organisations to solve the challenges of integrating corporate applications and information. There is a real danger that in the rush to deploy and use Web services applications, companies will expose their systems to costly attacks.
According to a Hurwitz Group study, security is the biggest obstacle to enterprise Web services adoption. Web services move transactions beyond firewalls and enable outside entities to invoke applications, potentially giving outsiders access to sensitive information.
Savvy hackers will not be fazed by the apparent complexity of Web services. They see Web services simply as a standard set of remote procedure calls, implemented over HTTP, where the standard content will be XML using SOAP as the transport protocol. By changing and manipulating the Web services message structure to a format not expected by the Web services application or embedding malicious content within individual fields, the hacker can expose potential vulnerabilities and attack an application.
Netrust has solutions for securing SOAP messages used in Web services, which utilise encryption and digital signing.
Companies can now implement proper security measures and thus reduce the risk to acceptable levels. The strong security assurance provided by Netrust is crucial as Web services are implemented in business-critical and mission-critical systems.