These library resources require an Ounce Labs ID. Log in or register.

The Security Implications of Ajax and Web Services

Securing Web Services and Ajax is about more than just securing the client.

Enterprises worldwide are developing and deploying Service Oriented Architectures (SOA). The implementation of SOA is achieved through Web Services, which facilitate communication between two entities utilizing technologies such as eXtensible Markup Language (XML) and Simple Object Access Protocol (SOAP). Ajax (Asynchronous Javascript and XML), another Web Services design pattern, provides a rapid and user-friendly way for people to experience Web applications, the most notable example being Google Maps.

Many security concerns associated with Web Services focus on the security and integrity of client-side XML messages, but these concerns do not take into account the underlying server-side application, which can expose sensitive information. In truth, many of the Web Services-related security breaches that have been in the press have actually been more about improper input validation on the server side than about particular vulnerabilities on the client side. It is only through a thorough source code analysis of those back-end applications that organizations can ensure the security of company data.

This Ounce Security Brief describes the key security issues with Web Services and Ajax, and the ways in which the Ounce 4 solution can help to secure confidential data

« Back to Library