Hi all, My name is Simon and I am a student at the KTH in Stockholm/Sweden. Right now I am doing a little thesis work with the topic "Security Framework for Web-Services". During my research I found the synapse tool and it really totally fits my needs.
Here is what I plan to do: -Using Synapse for applying WS-Security standards to messages (Digital Signature, Encryption, ..) -Using Synapse to filter out dangerous parts of messages to apply Aplication Security While the first part, concerning the network layer security, is based on mature methods and technologies, it is only about applying the standards to the message. The second part however, concering the application layer security, needs some further research about common attacks on web-services. Until now I thought about filtering ' to prevent a SQL Injection or to filter/annotate HTML tags, to prevent code injection. As you can see this part is still a bit fuzzy. Has anyone of you some more ideas about that? I also appreciate ideas about the other parts and the whole project! Best regards Simon
