Enterprise apps may pose Web services security problem
- Subject: Enterprise apps may pose Web services security problem
- From: Gary Stoneburner <gary.stoneburner@nist.gov>
- Date: Fri, 21 May 2004 09:58:48 -0400
re:
http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci965546,00.html?track=NL-110&ad=483151
"... yet-untapped vulnerabilities in Web services-enabled enterprise
applications from giants such SAP AG, PeopleSoft Inc., Oracle Corp. and
others that could open a whole new front of woes that need defending
..."
It seems to me that if the opening of web interfaces to applications
needs to be highlighted as a potential problem, then the significant
problem is the need for such highlighting :-).
"Wagner held up Microsoft's beleaguered Web server software IIS as
an example. It's built with a relatively small code base and is intended
for use on untrusted networks. It has been highly reviewed by the
security community, yet in 2002, there were 25 major vulnerabilities
found in the software."
It would appear that the "intended" and "highly reviewed" are being
placed in a context of reality "25 major vulnerabilities". Results, not
intentions, matter. It seems that the intention and the review are not
achieving the purpose.
Cheers,
Gary
**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************