[SC-L] Web Services vs. Minimizing Attack Surface

2006-08-15 Thread John Wilander
Hi! The security principle of minimizing your attack surface (Writing Secure Code, 2nd Ed.) is all about minimizing open sockets, rpc endpoints, named pipes etc. that facilitate network communication between applications. Web services and Service Oriented Architecture on the other hand are

Re: [SC-L] Web Services vs. Minimizing Attack Surface

2006-08-15 Thread Nash
Thinking about attackable surface area is a good metaphor, but I think it's breaking down on you. Think about a classic forms-driven (MVC) web application. If it's at all complex, it'll contain a variety of form processing programs that are all interlinked with a complex state-sharing mechanism.

Re: [SC-L] Web Services vs. Minimizing Attack Surface

2006-08-15 Thread Gadi Evron
: Dienstag, 15. August 2006 10:03 Subject: [SC-L] Web Services vs. Minimizing Attack Surface Hi! The security principle of minimizing your attack surface (Writing Secure Code, 2nd Ed.) is all about minimizing open sockets, rpc endpoints, named pipes etc. that facilitate network