SIFT Web Services Security Testing Framework

["Paul Theriault" <paul.theriault () sift com au>]

SIFT has released a new Intelligence Report titled 'A Web Services Security
Testing Framework'. The framework covers the entire web services security
testing process incorporating detailed threat modelling, scoping and
planning methodologies tailored specifically for web services applications.
It also provides a structured approach to assessing the security of a web
service through an application-level penetration test and aims to deliver a
repeatable means for security assurance.

A primary goal of this framework is to stimulate community interest and
drive the further development and adoption of structured security assurance
methodologies for web services. We welcome mailing list subscribers to
review the paper and will endeavour to incorporate feedback in future
versions of the framework. 

Please send feedback and suggestions to research () sift com au.

The paper is available for download from the SIFT website:
http://www.sift.com.au/36/175/a-web-services-security-testing-framework.htm

-------------------------------------------------------------------------
Sponsored by: Watchfire

It's been reported that 75% of websites are vulnerable to attack. That's 
because hackers know to exploit weaknesses in web applications. 
Traditional approaches to securing these assets no longer apply. 
Download the "Addressing Challenges in Application Security" whitepaper 
today, and see for yourself.

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------