RE: Webservices security

["Debasis Mohanty" <debasis.mohanty.listmails () gmail com>]

This should give you a good start - 
http://msdn.microsoft.com/en-us/library/ms951273.aspx

Additionally you can look for Security
Assertion Markup Language (SAML) here -
http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf

-d

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of rafael.pandini () gmail com
Sent: 24 March 2009 21:29
To: pen-test () securityfocus com
Subject: Webservices security


  Hi everyone,

  Does anyone here know what metrics are used to determine a "secure"
webservice ? In the topics listed bellow, anyone know a good text/way that
explain how to implement it ?

  - Secure communication
  - Sessions (Across multiple services)
  - Access control

  Thanks in advance.  

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own
exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how
to write stack and heap buffer overflow exploits for Windows and Linux. Gain
your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.ht
ml
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical 
Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your 
Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------