NIST has released a security guideline for web services.
From GCN:
The National Institute of Standards and Technology has released a 128-page guide to help organizations understand the security challenges of Web services in service-oriented architecture.
NIST Special Publication 800-95, “Guide to Secure Web Services,” provides practical guidance on current and emerging standards applicable to Web services in addition to background information on the most common security threats to SOAs based on Web services. The guidelines are hardware and software independent and do not address perimeter security devices such as firewalls or access control tools.
Web services based on the Extensible Markup Language, Simple Object Access Protocol and related open standards that are deployed in SOAs allow data and applications to interact without human intervention through dynamic and ad hoc connections.
I have not had a chance to review this one just yet. If anyone else has feel free to leave a comment.
Tags: NIST, Web Services, Web Security
