Securing Web Services with mod_security | Search for a title, author or keyword | ||||||||
Securing Web Services with mod_security Securing Web Services with mod_security, by Shreeraj Shah. ModSecurity and Web services: what to do when Web Services are vulnerable to attacks? What do Web Services are? A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format ( specifically WSDL, Web Service Definition Language ). Other systems interact with the Web service in a manner prescribed by its description using SOAP ( Simple Object Access Protocol ) messages, where SOAP is a protocol for XML data exchange, over HTTP. UDDI ( Uniform Description, Discovery and Integration ) is a high level specification for a distributed system used to create the list of the services ( a sort of "White Pages" ) drew with WSDL. To allow the access to UDDI registries from different platforms, UDDI directories offer their own APIs as SOAP-based web services. What is ModSecurity? ModSecurity is an open source, free web application firewall ( WAF ) Apache module. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure. ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. In addition to providing logging facilities, ModSecurity can monitor the HTTP traffic in real time in order to detect attacks. In this case, ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems.
|
|||||||||
Securing Web Services with mod_security | Disclaimer: this link points to content provided by other sites. |