'Guide to Secure Web Services' provides blueprint to safer Web 2.0

Sep 14, 2007

Many Web-based services, from shopping to online word processing, allow computer programs to talk to each other and exchange user data across several Web sites without human intervention. Many of the attractive features of this “Web 2.0,” including greater access to information and one-stop transactions that process information from several Web sites, are at odds with traditional ways of maintaining computer security.

A new NIST publication, called “Guide to Secure Web Services” (NIST Special Publication 800-95), provides details on how to make Web 2.0 more secure while maintaining its flexible and convenient features.

“The security challenges presented by the web services approach are formidable and unavoidable,” according to the publication. “Difficult and unsolved problems exist,” it continues, citing examples such as maintaining confidentiality and integrity in data that is transmitted via intermediary Web sites. Firewalls, which often protect single computers or networks from certain types of attack, are often inadequate to safeguard Web services data traveling between Web sites.

The publication recommends several steps to make Web services more secure. One recommended measure for content providers is to replicate their data and services at backup sites. This would improve the availability of their services in the event of “denial of service” (DoS) attacks intended to shut down a target Web site. Another recommendation is better and more uniform logging of visitors and actions on Web sites. The publication also outlines several existing security techniques for making Web services more secure, such as adding encryption to data transmitted through XML (eXtensible Markup Language), a markup language that allows the sharing and manipulation of data across different computer platforms.

Source: National Institute of Standards and Technology
