Friday, January 05, 2007

Book review - Microsoft Technet

Technet posted book review on Hacking web services
Shreeraj Shah's Hacking Web Services (Charles River Media, 2006) is a valuable resource for those involved in development, deployment, or support of Web services. The book is a well-organized general security reference for Web services and their component technologies. And it does a good job of detailing what is involved in defending them in your infrastructure and through your development practices.

The book begins with a relatively in-depth introduction to Web services A case study titled "The Consequences of Procrastination" teaches you about the power of preemptive security procedures and the penalties of reactive systems. The chapter titled "Web Services Scanning and Enumeration" discusses how to use the wsChess, a .NET-based Web service security toolkit from Net-Square (, to profile and footprint Web services.

The book includes a utility CD, which contains a sample .NET-based application called SOAPWall. This shows you how to block injection characters and buffer overflows in your .NET Web services. In addition, the CD provides demos of different types of Web service attacks.