'Guide to Secure Web Services' provides blueprint to safer Web 2.0

Sep 14, 2007

Many Web-based services, from shopping to online word processing, allow computer programs to talk to each other and exchange user data across several Web sites without human intervention. Many of the attractive features of this “Web 2.0,” including greater access to information and one-stop transactions that process information from several websites, are at odds with traditional ways of maintaining computer security.

A new NIST publication, called “Guide to Secure Web Services” (NIST Special Publication 800-95), provides details on how to make Web 2.0 more secure while maintaining its flexible and convenient features.

“The security challenges presented by the web services approach are formidable and unavoidable,” according to the publication. “Difficult and unsolved problems exist,” it continues, citing examples such as maintaining confidentiality and integrity in data that is transmitted via intermediary Web sites. Firewalls, which often protect single computers or networks from certain types of attack, are often inadequate to safeguard Web services data traveling between Web sites.

The publication recommends several steps to make Web services more secure. One recommended measure for content providers is to replicate their data and services at backup sites. This would improve the availability of their services in the event of “denial of service” (DoS) attacks intended to shut down a target Web site. Another recommendation is better and more uniform logging of visitors and actions on Web sites. The publication also outlines several existing security techniques for making web services more secure, such as adding encryption to data transmitted through XML (eXtensible Markup Language), a protocol that allows the sharing and manipulation of data across different computer platforms.

Source: National Institute of Standards and Technology

Explore further: Computerized emotion detector

add to favorites email to friend print save as pdf

Related Stories

Entrepreneurs aren't overconfident gamblers

1 hour ago

Leaving one's job to become an entrepreneur is inarguably risky. But it may not be the fear of risk that makes entrepreneurs more determined to succeed. A new study finds entrepreneurs are also concerned about what they might ...

New complex oxides could advance memory devices

1 hour ago

The quest for the ultimate memory device for computing may have just taken an encouraging step forward. Researchers at The City College of New York led by chemist Stephen O'Brien have discovered new complex ...

Recommended for you

Computerized emotion detector

Sep 16, 2014

Face recognition software measures various parameters in a mug shot, such as the distance between the person's eyes, the height from lip to top of their nose and various other metrics and then compares it with photos of people ...

Cutting the cloud computing carbon cost

Sep 12, 2014

Cloud computing involves displacing data storage and processing from the user's computer on to remote servers. It can provide users with more storage space and computing power that they can then access from anywhere in the ...

Teaching computers the nuances of human conversation

Sep 12, 2014

Computer scientists have successfully developed programs to recognize spoken language, as in automated phone systems that respond to voice prompts and voice-activated assistants like Apple's Siri.

Mapping the connections between diverse sets of data

Sep 12, 2014

What is a map? Most often, it's a visual tool used to demonstrate the relationship between multiple places in geographic space. They're useful because you can look at one and very quickly pick up on the general ...

User comments : 0