'Guide to Secure Web Services' provides blueprint to safer Web 2.0

Sep 14, 2007

Many Web-based services, from shopping to online word processing, allow computer programs to talk to each other and exchange user data across several Web sites without human intervention. Many of the attractive features of this “Web 2.0,” including greater access to information and one-stop transactions that process information from several Web sites, are at odds with traditional ways of maintaining computer security.

A new NIST publication, called “Guide to Secure Web Services” (NIST Special Publication 800-95), provides details on how to make Web 2.0 more secure while maintaining its flexible and convenient features.

“The security challenges presented by the web services approach are formidable and unavoidable,” according to the publication. “Difficult and unsolved problems exist,” it continues, citing examples such as maintaining confidentiality and integrity in data that is transmitted via intermediary Web sites. Firewalls, which often protect single computers or networks from certain types of attack, are often inadequate to safeguard Web services data traveling between Web sites.

The publication recommends several steps to make Web services more secure. One recommended measure for content providers is to replicate their data and services at backup sites. This would improve the availability of their services in the event of “denial of service” (DoS) attacks intended to shut down a target Web site. Another recommendation is better and more uniform logging of visitors and actions on Web sites. The publication also outlines several existing security techniques for making Web services more secure, such as adding encryption to data transmitted through XML (eXtensible Markup Language), a protocol that allows the sharing and manipulation of data across different computer platforms.

Source: National Institute of Standards and Technology
