'Guide to Secure Web Services' provides blueprint to safer Web 2.0

Sep 14, 2007

Many Web-based services, from shopping to online word processing, allow computer programs to talk to each other and exchange user data across several Web sites without human intervention. Many of the attractive features of this “Web 2.0,” including greater access to information and one-stop transactions that process information from several websites, are at odds with traditional ways of maintaining computer security.

A new NIST publication, called “Guide to Secure Web Services” (NIST Special Publication 800-95), provides details on how to make Web 2.0 more secure while maintaining its flexible and convenient features.

“The security challenges presented by the web services approach are formidable and unavoidable,” according to the publication. “Difficult and unsolved problems exist,” it continues, citing examples such as maintaining confidentiality and integrity in data that is transmitted via intermediary Web sites. Firewalls, which often protect single computers or networks from certain types of attack, are often inadequate to safeguard Web services data traveling between Web sites.

The publication recommends several steps to make Web services more secure. One recommended measure for content providers is to replicate their data and services at backup sites. This would improve the availability of their services in the event of “denial of service” (DoS) attacks intended to shut down a target Web site. Another recommendation is better and more uniform logging of visitors and actions on Web sites. The publication also outlines several existing security techniques for making web services more secure, such as adding encryption to data transmitted through XML (eXtensible Markup Language), a protocol that allows the sharing and manipulation of data across different computer platforms.

Source: National Institute of Standards and Technology

Explore further: SDSC's 'Comet' supercomputer enters early operations phase

Related Stories

Sentinel-2A arrives in French Guiana for 12 June launch

13 minutes ago

The latest satellite for the European Commission's environmental Copernicus programme has arrived safe and sound in French Guiana for launch on 12 June. Carrying a multispectral imager, Sentinel-2A is set ...

A novel pathway producing dimethylsulphide in bacteria

13 minutes ago

A scientific team that includes researchers from the University of Barcelona (UB) has identified a novel pathway producing dimethylsulphide, a volatile organosulfur compound which plays a major role in climate regulation.

Direct visualization of magnetoelectric domains

14 minutes ago

A novel microscopy technique called magnetoelectric force microscopy (MeFM) was developed to detect the local cross-coupling between magnetic and electric dipoles. Combined experimental observation and theoretical ...

Avoid 'crape murder' with limited pruning

18 minutes ago

Efforts to prevent people from committing "crape murder" are reducing the number of unsightly, knobby-knuckled branch ends but may leave people wondering how to correctly shape crape myrtles.

Secret life of penguins revealed

19 minutes ago

To mark World Penguin Day (25 April 2015) citizen science project Penguin Watch will release 500,000 new images of penguins and reveal secrets from a year of spying on penguins. ...

Recommended for you

Researchers create tool for monitoring brands on Twitter

Apr 30, 2015

Universidad Carlos III de Madrid has developed a monitoring tool with which brands can test the effects of their strategies on social networks. This program can control millions of 'tweets' and reveal the ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.