An Advisor for Web Services Security Policies
- Karthik Bhargavan ,
- Cédric Fournet ,
- Andy Gordon ,
- Greg O'Shea
2005 ACM Workshop on Secure Web Services (SWS) |
Published by ACM
We identify common security vulnerabilities found during security reviews of web services with policy-driven security. We describe the design of an advisor for web services security configurations, the first tool both to identify such vulnerabilities automatically and to offer remedial advice. We report on its implementation as a plugin for Microsoft Web Services Enhancements (WSE).