Hacking Web Services
Web Services are an integral part of next generation Web applications. The development and use of these services is growing at an incredible rate, and so too are the security issues surrounding them. Hacking Web Services is a practical guide for understanding Web services security and assessment methodologies. Written for intermediate-to-advanced security professionals and developers, the book provides an in-depth look at new concepts and tools used for Web services security. Beginning with a brief introduction to Web services technologies, the book discusses Web services assessment methodology, WSDL—an XML format describing Web services as a set of endpoints operating on SOAP messages containing information—and the need for secure coding. Various development issues and open source technologies used to secure and harden applications offering Web services are also covered. Throughout the book, detailed case studies, real-life demonstrations, and a variety of tips and techniques are used to teach developers how to write tools for Web services. If you are responsible for securing your company's Web services, this is a must-read resource!
Review By: Chris A. Grady
07/09/2010
Hacking Web Services, by Shreeraj Shah, is a well-written, effectively organized text that provides the reader with in-depth technical knowledge regarding Web service security. The initial chapters provide the reader a superb introduction to the basics of Web services, followed by a brief but concise look at the various building blocks of Web service technologies. Subsequent chapters further explore subjects such as “Web Services Security Framework” or “Web Services Attack Vectors.” The accompanying CD-ROM provides concrete and illustrative examples of the discussed ideas and tools.
The material is presented in a logical albeit technical manner. The chapters flow flawlessly from one concept to the next, each containing a case study or a narrative. A brief summary concludes each section. I never felt the need to seek answers elsewhere in the text or that something went unexplained.
I recently began actively testing Web-related code, and this book provides a nice introduction to Web services. Going through a number of sections and utilizing the CD-ROM, I felt that I was receiving a classroom lecture from the author. I never thought that the concept was overly complicated or used simply to fill pages.
This book does not offer a lot of substance to the non-Web-based application tester, but it is a handy reference for testers involved in Web-based applications. I like the explanations offered via CD-ROM, and I was able to apply the concepts in actual, real-world scenarios. The appendix is invaluable for finding additional resources in a convenient place. I did get the feeling though that the information might become obsolete in two to three years, but Hacking Web Services still will provide a fundamental knowledge base for this expanding domain.
Hacking Web Services provides a nice introduction to the security behind the ever-expanding Web services domain. The accompanying CD-ROM allows the user to see the tools and ideas in action and apply them to real-life scenarios. It’s a must-have for those involved with Web-based applications, from systems analysts to systems developers.