Internet of Things, Smart Cities and API Security

Mamoon Yunus


Case Study

SOA Security Track - Anatomy of a Web Services Attack

Innovative Techniques That Hackers Use To Map Out The Vulnerabilities Of An Organization's Network

A broad range of new security threats is facing enterprises implementing XML Web services, leaving the enterprises open to financial risks, loss of property, and tarnished reputations.

The basic rules of security - authentication, authorization, and auditing - no longer provide adequate security in the new world of straight-through processing paths into mission-critical systems. Denial of service (DoS) attacks, information leakage, and malicious activity can all arise irrespective of authentication strength.

What's worse, WSDL documents provide a guidebook to security exposure. Most attacks on traditional Web-based applications exploit weaknesses in HTML-enabled custom or packaged applications. However, hackers and other malicious users are quickly uncovering new techniques at the SOAP/XML data level that bypass HTML and target weaknesses in Web services programming, technology, and architecture.

This session will outline the innovative techniques that hackers use to map out the vulnerabilities of an organization's network, and how Web server security must now complement Web services security in order to provide an adequate defense.

More Stories By Mamoon Yunus

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, he pioneered XML Security Gateways & Firewalls and was granted a patent for XML Gateway Appliances. He has spearheaded Forum's direction and strategy for eight generations of award-winning XML Security products. Prior to Forum Systems, Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.

He holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Yunus as one of four "Up and coming CTOs to watch in 2004." He is a sought-after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."
