Replay, transaction insertion, out-of-order command processing and state modification are all examples of Web Services-specific attacks that are opened up as part of a message/transaction-driven architecture. Digital signatures, strong identities, sequence numbers, validity periods and encryption are all tools that can be used to mitigate such threats.
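The following receiver-side check is an added example, not code from the original answer: it shows how a signature, a per-sender sequence number and a validity period together reject modified, replayed, out-of-order and stale messages. HMAC-SHA256 with a shared key stands in for a digital signature, and the message fields, key and `Receiver` class are assumptions made for illustration; encryption is left out.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: shared secret; stands in for a signing key

def sign(msg, key=KEY):
    # The tag covers sender, sequence number, validity period and command together.
    body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make(sender, seq, command, now, ttl=30):
    msg = {"sender": sender, "seq": seq, "command": command,
           "not_before": now, "not_after": now + ttl}
    return msg, sign(msg)

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = {}  # sender -> highest sequence number accepted so far

    def accept(self, msg, tag, now):
        # 1. Integrity and origin: modified or inserted messages fail here.
        if not hmac.compare_digest(sign(msg, self.key), tag):
            return "rejected: bad signature"
        # 2. Validity period: bounds how long a captured message stays usable.
        if not msg["not_before"] <= now <= msg["not_after"]:
            return "rejected: outside validity period"
        # 3. Sequence number: only the next expected message is processed.
        expected = self.last_seq.get(msg["sender"], 0) + 1
        if msg["seq"] < expected:
            return "rejected: replay"
        if msg["seq"] > expected:
            return "rejected: out of order"
        self.last_seq[msg["sender"]] = msg["seq"]
        return "accepted"

def demo():
    # Constructed sample messages; timestamps are plain integers (seconds).
    rx, t = Receiver(), 1000
    m1, s1 = make("client-a", 1, "debit 10", t)
    m2, s2 = make("client-a", 2, "credit 5", t)
    m3, s3 = make("client-a", 3, "close", t)
    tampered = dict(m1, command="debit 1000")
    return [rx.accept(m1, s1, t + 1),        # first delivery
            rx.accept(m1, s1, t + 2),        # same message sent again
            rx.accept(m3, s3, t + 2),        # skips sequence number 2
            rx.accept(tampered, s1, t + 2),  # body changed after signing
            rx.accept(m2, s2, t + 100)]      # delivered after not_after

if __name__ == "__main__":
    print(demo())
```

Because the sequence number and validity fields are inside the signed body, an intermediary cannot renumber or re-date a captured message without invalidating the tag.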