Download Free Service Oriented Architecture (SOA) Security Checklist

This free checklist covers Service Oriented Architecture (SOA) security controls in the following areas:
Deployment and administrative
• Debugging and tracing status on production system—Off
• Web services should be running with least privileged mode if possible
• Protocol hardening—supporting SOAP only
WSDL hardening
• No unnecessary services or methods exposed to the external world
• Auto-generation of WSDL can be disabled if needed
• WSDL file can be kept in a protected area that requires authentication
Exception handling
• Exception management for Web services routines
• No information leakage from
• Logging exception details for tracking breaches
• Application-level SOAP exception handling
“In transit” management
• SSL for end-to-end connections
• Digitally signed messages if they pass through multiple nodes
Validating inputs
• XML input checking with schema
• Input filtering before consuming untrusted variables
• Input check on range, size, length, etc.
Authentication and authorization
• SSL and Basic authentication
• WS-Security authentication mechanism in SOAP header
• Application-level authentication and ACLs
• Authorization design and ACLs
• Method-based authorization with respect to the WSDL
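As an added illustration of the "Validating inputs" items and of method-based authorization against the WSDL (example code written for this page, not part of the original checklist), the following validator caps request size, refuses DTDs, checks the SOAP 1.1 envelope structure, accepts only operations listed in an assumed contract, and range- or length-checks every parameter. The service namespace, operation names, parameter limits and the sample request are all assumptions.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"
SERVICE_NS = "{urn:example:orders}"   # assumed namespace of a hypothetical service
MAX_REQUEST_BYTES = 8192              # assumed cap on one request body
# Assumed WSDL contract: exposed operations; a rule is ("int", lo, hi) or ("str", maxlen).
ALLOWED_OPERATIONS = {
    "GetOrder": {"orderId": ("int", 1, 10_000_000)},
    "SearchOrders": {"customer": ("str", 64)},
}

def validate_soap_request(raw: bytes) -> dict:
    # Returns {"operation", "params"} for an acceptable request, else {"error": why}.
    if len(raw) > MAX_REQUEST_BYTES:
        return {"error": "request too large"}
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:    # the contract never needs a DTD
        return {"error": "DTD not allowed"}
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return {"error": f"malformed XML: {exc}"}
    body = root.find(SOAP_ENV + "Body") if root.tag == SOAP_ENV + "Envelope" else None
    if body is None or len(body) != 1:
        return {"error": "expected a SOAP 1.1 Envelope with exactly one operation in Body"}
    op, name = body[0], body[0].tag[len(SERVICE_NS):]
    if not op.tag.startswith(SERVICE_NS) or name not in ALLOWED_OPERATIONS:
        return {"error": f"operation not exposed: {op.tag}"}
    spec, params = ALLOWED_OPERATIONS[name], {}
    for child in op:
        pname, text = child.tag.rpartition("}")[2], (child.text or "").strip()
        if pname not in spec:
            return {"error": f"unexpected parameter: {pname}"}
        rule = spec[pname]
        if rule[0] == "str":                          # length check
            if len(text) > rule[1]:
                return {"error": f"{pname} too long"}
            params[pname] = text
        else:                                         # type check, then range check
            if not text.removeprefix("-").isdecimal() or not rule[1] <= int(text) <= rule[2]:
                return {"error": f"{pname} must be an integer in [{rule[1]}, {rule[2]}]"}
            params[pname] = int(text)
    if set(params) != set(spec):
        return {"error": "missing parameter"}
    return {"operation": name, "params": params}

# Constructed sample request (not captured traffic) matching the assumed contract.
GOOD_REQUEST = (
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    b'xmlns:o="urn:example:orders"><soapenv:Body><o:GetOrder><o:orderId>42</o:orderId>'
    b'</o:GetOrder></soapenv:Body></soapenv:Envelope>'
)
```

The DOCTYPE check is deliberately done on the raw bytes before parsing, because the standard-library parser is not configured here to refuse entity declarations on its own.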
| Attachment | Size |
|---|---|
| soa-security-checklist.xls | 16 KB |