|
|
Web services pose growing security risk
|
04/07/2006, By Robert McMillan
|
In their rush to implement Web services, some companies may be exposing themselves to new security risks that they may not fully understand, a security researcher said at the CanSecWest/core06 conference in Vancouver on Thursday.
During a conference presentation, researcher Alex Stamos outlined how a number of Web services technologies, including the AJAX (Asynchronous JavaScript and XML) and the XQuery query language could be exploited by hackers to dig up secret information and attack systems.
Web services is a catch-all expression used to describe a form of distributed computing that uses standards based on XML (Extensible Markup Language) to simplify the job of programming software. One of its key tenets is that Web services applications are extremely portable and can easily interact with different types of software.
While this cross-platform capability can simplify programming, it can also create security risks by creating situations that may not have been anticipated by software developers, said Stamos, a founding partner of Information Security Partners, based in San Francisco. During his talk, he described an attack where a user could enter malicious code in a Web form and then get that code to run by calling up the company's customer service number and tricking a representative into inadvertently executing it.
Read More...
|
|
|
|
|
|
|
|
|
|
|
|
|
Special offer for AjaxImpact.com Visitors!!
Subscribe to Oracle Magazine for Free!
