ou get to play with the code, in some cases anyway. Other than that and the
fact the code runs, mostly, locally, there is no difference.
The one major difference is that with some services, the vulnerability is
local as everybody builds their own.
The main issue here is that web services allow for
There may be a conflict here depending on the implementation in practice,
but not necessarily. SOA and Web Services often aggregate lots of endpoints
(enterprise service buses do this for example) into a smaller set of service
interfaces.
A couple of weeks ago at MetriCon, Pratyusa Manadhata gave
> [mailto:[EMAIL PROTECTED] On Behalf Of John Wilander
> Sent: Dienstag, 15. August 2006 10:03
> Subject: [SC-L] Web Services vs. Minimizing Attack Surface
>
> Hi!
>
> The security principle of minimizing your attack surface (Writing Secure
> Code, 2nd Ed.) is all about minimizing open socket
Thinking about "attackable surface area" is a good metaphor, but I
think it's breaking down on you.
Think about a classic forms-driven (MVC) web application. If it's at
all complex, it'll contain a variety of form processing programs that
are all interlinked with a complex state-sharing mechanism
Hi!
The security principle of minimizing your attack surface (Writing Secure
Code, 2nd Ed.) is all about minimizing open sockets, rpc endpoints,
named pipes etc. that facilitate network communication between
applications. Web services and Service Oriented Architecture on the
other hand are all