Web Services Cheat Sheet

= ACTIVE WORK IN PROGRESS AUGUST 2011 =

= Introduction =

This article provides guidance on securing web services and preventing web-service-related attacks.

= Transport Confidentiality =
All communication between web services and their clients must be encrypted using

= Authorization =
Depending on the functionality, a web service should authorize its clients, checking whether they have access to the method in question. This can be done using one of the following methods:

- Having clients authorize to the web service using username and password
- Having clients authorize to the web service using client certificates
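
The per-method check described above, as an added example that is not part of the original cheat sheet: the client is identified by username and password or by client certificate, then the requested method is checked against a deny-by-default access list. All names (`METHOD_ACL`, `USERS`, `invoke`, the method names and principals) are hypothetical, and `cert_subject` is assumed to be supplied by the TLS layer only after it has verified the client certificate.

```python
import hashlib
import hmac

# Constructed sample data: which principals may call which service method.
METHOD_ACL = {
    "getBalance": {"user:alice", "cert:CN=billing-batch"},
    "transferFunds": {"cert:CN=billing-batch"},
}

_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed salt


def _hash(password, salt):
    # Slow, salted hash so stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, password hash).
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}


def authenticate(username=None, password=None, cert_subject=None):
    """Return a principal string, or None if the client is not identified."""
    if cert_subject:
        # Assumption: the TLS layer already validated the certificate chain.
        return "cert:" + cert_subject
    if username is not None and password is not None:
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = USERS.get(username, (_SALT, b""))
        if hmac.compare_digest(_hash(password, salt), stored):
            return "user:" + username
    return None


def authorize(principal, method):
    """Deny by default: unknown methods and anonymous callers are refused."""
    return principal is not None and principal in METHOD_ACL.get(method, set())


def invoke(method, **credentials):
    """Return an HTTP-style status for a call to `method`."""
    principal = authenticate(**credentials)
    return 200 if authorize(principal, method) else 403
```
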