The large scale deployment of Web services and e-business technologies in general – is affected by numerous implementation (for example, interoperability and integration) and security issues. The focus of this chapter is mainly on exploring the latter from the perspective of initiatives for mitigating security risks in Web services (for example, WS-S specifications) and e-business technologies (for example, security standards, business continuity planning, and cyber legislation). Best practices and recommendations for addressing security risks in the rapidly evolving Web environment are presented. Future research trends associated with the topic of security in Web services and e-business technology applications are also discussed.
TopWeb Services Security Issues
As the leading US analyst firm, Gartner, predicted a skyrocketing increase in Web services applications in 2003, it simultaneously identified Web services security as one among the top 11 security issues facing companies in that same year (Parry, 2003). Seven years later in 2010, the concern has only increased, mainly due to the fact that we have continued to see Web services applications being developed and deployed even though we have not exactly been able to address all the security challenges that confront these services. More recent reports also indicate that attackers are focusing their attention on interactive Web 2.0 elements with some 95 percent of user-generated comments on blogs, message boards, and chat rooms being either spam or containing malicious links (Websense, 2009). However, as O’Neill et al. (2003) point out, Web services needs to be secure in order to enjoy widespread deployment.
So what are some of the main issues associated with securing Web services? A survey of the literature reveals that many of the issues identified are in fact common to all distributed computing technologies and includes factors such as authentication, authorization, confidentiality, integrity, non-repudiation, availability and end to end security. These are in fact some of the main security issues facing Web service deployments. In addition, there could also be issues which arise from the nature of Web services themselves, such as diversity of standards specifications, need for new XML formats to structure security data, interoperability of requirements and online security elements, to name a few (Gutiérrez et al. 2004).
In their latest industry report, the Secure Enterprise 2.0 Forum (a group of organizations and individuals composed of executives at Fortune 500 companies who have embraced the trend of Web 2.0 tools and services in enterprise) has identified the top eight Web 2.0 vulnerabilities (Perez 2009). These are described in Table 1.