Brad Hill: Attacking Web Service Securty: Message....
Jan 09, 2006•1 hr 11 min
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and B2B connectivity, and XML is the world's most successful and widely deployed data format. This presentation will take a critical look at the technologies used to secure these systems and the emerging attention to "message-oriented" security. How do WS-Security, XML Digital Signatures and XML Encryption measure up?
The first half of the talk will take a strategic view of message-oriented security and compare it to existing alternatives like SSL. The second half will be a technical deep dive into XML Digital Signatures as a case study in security technology design. The state of the art in XML attacks will be summarized and advanced, including a series of critical design flaws that allowed achieving reliable cross-platform code injection on multiple vendor platforms.
A tool will be demonstrated to apply a several of the attack techniques discussed against SAML messages.
The first half of the talk will take a strategic view of message-oriented security and compare it to existing alternatives like SSL. The second half will be a technical deep dive into XML Digital Signatures as a case study in security technology design. The state of the art in XML attacks will be summarized and advanced, including a series of critical design flaws that allowed achieving reliable cross-platform code injection on multiple vendor platforms.
A tool will be demonstrated to apply a several of the attack techniques discussed against SAML messages.
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast