Techniques in Attacking and Defending XML/Web Services

From OWASP

The presentation

Web Services-based application integration pulls corporations towards "opening up" internal systems for other systems to call into, whereas security pulls a company towards "locking down" business information. For successful integration projects, ease of system integration without compromising security is paramount. In this session, attendees will learn techniques for identifying web services security threats such as SQL Injection, DoS and XSD Mutation. Countermeasure techniques will be highlighted to mitigate exposure to identified security threats.

The speakers

Jason Macy is the CTO at Crosscheck Networks, responsible for implementation and product strategy of the SOA Web Services-based technologies. As co-founder of Crosscheck Networks, Jason has pioneered the field of web service testing and simulation with over 40,000 product installations worldwide. Jason also serves as VP Engineering for the wholly-owned subsidiary Forum Systems, where he continues to be responsible for the software development lifecycle of the industry's only patented FIPS certified hardware security gateway for SOA web services. Before moving into the XML web services realm, Jason worked as the lead architect for Raytheon, responsible for testing and successful commissioning of the Air Traffic Control system at Schiphol Airport in Amsterdam, Holland. Jason holds dual degrees in Computer Science and Computer Engineering.

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, Mr. Yunus pioneered Web Services Security Gateways & Firewalls. He has spearheaded Forum's direction and strategy for six generations of award-winning Web Services Security products. Prior to Forum Systems, Mr. Yunus was a Global Systems Engineer for webMethods (acquired by Software AG) where he developed XML-based business integration and architecture plans for Global 2000 companies. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group. Mr. Yunus holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology.