[WEB SECURITY] SIFT Web Services Security Testing Framework
Daniel Grzelak
daniel.grzelak at sift.com.au
Sun Nov 12 22:23:10 EST 2006
SIFT has released a new Intelligence Report titled 'A Web Services Security
Testing Framework'. The framework covers the entire web services security
testing process incorporating detailed threat modelling, scoping and
planning methodologies tailored specifically for web services applications.
It also provides a structured approach to assessing the security of a web
service through an application-level penetration test and aims to deliver a
repeatable means for security assurance.
A primary goal of this framework is to stimulate community interest and
drive the further development and adoption of structured security assurance
methodologies for web services. We welcome mailing list subscribers to
review the paper and will endeavour to incorporate feedback in future
versions of the framework.
Please send feedback and suggestions to research at sift.com.au.
The paper is available for download from the SIFT website:
http://www.sift.com.au/36/175/a-web-services-security-testing-framework.htm
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list