Girish Juneja

In the enterprise IT environment today, modern middleware technologies make it easier to expose existing or new business applications as sets of services. However, with the mashup of cloud-based services and enterprise data center services, the visibility of how a service created today will be used in the future gets murkier. This is because it's difficult to predict how a service will be consumed over long periods of time and by which consumers, and further how the service may be integrated with other services or legacy applications to create new composite services. It also remains a challenge to architect services in such a way that service upgrades don't affect consumers unpredictably. The hype of "just create services with an Enterprise Service Bus (ESB) and you'll have the benefits of a service architecture such as lower costs and software reuse" typically lea... (more)

WS Security Track - XML Content Attacks

This session defines a new class of threats, XML Content Attacks, and differentiates these threats from more general Web services attacks and XML security-based attacks. These three related but distinct threat areas are explained. The session covers XML Content Attacks with regard to tree-based parsing exploits related to coercive parsing, node-depth attacks, and DOM. XML grammar validation exploits such as schema poisoning and lax-content models are discussed, and why traditional schema validation cannot ensure content-model consistency. Web services attacks like WSDL scanning a... (more)