Products & Services
Web Services Security Solutions

Web Services

Today’s global Internet environment is a muddled mix of different operating systems utilising different technologies and different protocols. This mixture creates significant barriers for applications to communicate with each other. In order to overcome these barriers, applications need to understand each other’s protocols, security measures and language. Web services technology was created in order to accomplish this. It uses XML technology that allows applications to invoke application calls with one another. This format was designed to pass existing security measures, to be platform-independent, and to support any application call structure.

The advent of Web services has created an opportunity for organisations to solve the challenges of integrating corporate applications and information. There is a real danger that in the rush to deploy and use Web services applications, companies will expose their systems to costly attacks.

 

The Need For Security

According to a Hurwitz Group study, security is the biggest obstacle to enterprise Web services adoption. Web services move transactions beyond firewalls and enable outside entities to invoke applications, potentially giving outsiders access to sensitive information.

Savvy hackers will not be fazed by the apparent complexity of Web services. They see Web services simply as a standard set of remote procedure calls, implemented over HTTP, where the standard content will be XML using SOAP as the transport protocol. By changing and manipulating the Web services message structure to a format not expected by the Web services application or embedding malicious content within individual fields, the hacker can expose potential vulnerabilities and attack an application.

 

Our Solution

Netrust has solutions for securing SOAP messages used in Web services, which utilise encryption and digital signing.

  • Encryption
    • Solving the packet-sniffing problem is a well-known art in the security industry. By using a set of encryption products and standards, administrators can simply, quickly and efficiently solve the ‘man-in the middle’ problem. Encrypting Web services traffic will prevent hackers from sniffing the network and reading confidential business transactions and details.
  • Digital Signing & Authentication
    • Use of digital signatures verifies a sender’s identity and the data integrity.

Companies can now implement proper security measures and thus reduce the risk to acceptable levels. The strong security assurance provided by Netrust is crucial as Web services are implemented in business-critical and mission-critical systems.

 

 

Consultancy Services

Support

  • Netrust Java based solutions support XML signature and encryption implementations that are based on the XML Signature Syntax and Processing and XML Encryption specification developed by the IETF and W3C XML Working Groups.