Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Research paper on WSE Policy Advisor

from [Andy Gordon] Network Security [Permanent Link]
Subject: Research paper on WSE Policy Advisor
Date: Fri, 16 Sep 2005 11:02:43 +0100 
Hi, readers of this list may be interested in a new paper we've written
describing the architecture of a tool for checking WSE 2 security
policies.  These are XML config files that determine the security
processing of SOAP messages.  Title and abstract below; paper and tool
available from our project page http://securing.ws 

Since XML config files are widely used, the idea of a tool to check them
as part of security reviews is very natural.  Jon Udell has a nice
article about this on his blog from last year, where he advocates
partially populating a threat model from config files.

http://weblog.infoworld.com/udell/2004/05/25.html 

Can anyone point me to other tools for analyzing config files for
security issues?

Thanks,

Andy

An advisor for web services security policies. With K. Bhargavan, C.
Fournet, and G. O'Shea. In 2005 ACM Workshop on Secure Web Services (SWS
2005), Washington DC. ACM Press, 2005. 

We identify common security vulnerabilities found during security
reviews of web services with policy-driven security. We describe the
design of an advisor for web services security configurations, the first
tool both to identify such vulnerabilities automatically and to offer
remedial advice. We report on its implementation as a plugin for
Microsoft Web Services Enhancements (WSE).
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Research paper on WSE Policy Advisor, Andy Gordon <=
Previous by Date:  Fwd: OWASP NYC Chapter Meeting - Sept 28th, Andrew van der Stock
Next by Date:  Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
Previous by Thread:  OWASP NYC Chapter Meeting - Sept 28th, peter . stern
Next by Thread:  [Full-disclosure] Web Application Security Analyzer for PHP-Nuke/phpBB CMS, Paul Laudanski
Indexes:  [Date] [Thread] [Top] [All Lists]