
E-book: Security for Service Oriented Architectures

  • Length: 341 pages
  • Publication date: 24-Apr-2014
  • Publisher: Auerbach
  • Language: eng
  • ISBN-13: 9781466584044
  • Format: PDF+DRM
  • Price: 70,19 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet), you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (this is a free application specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

"Providing a comprehensive guide to security for web services and SOA, this book covers in detail all recent standards that address web service security, including XML Encryption, XML Signature, WS-Security, and WS-SecureConversation. It also reviews recent research on access control for simple and conversation-based web services, advanced digital identity management techniques, and access control for web-based workflows. With illustrative examples and analyses of critical issues, the book is a solid reference on web service standards, a practical overview for researchers looking for innovative new directions, and a suitable textbook on advanced topics in computer and system security"--

Williams provides both security and software architects a bridge between the two architectures, to help them develop software architectures that leverage security architectures. Each chapter could be and has been covered by a full-length book, he says, but his goal is to draw the information together to show how building software architectures within security architectures allows the development of more scalable and resilient applications, which become a trusted platform for their execution of business functionality. Annotation ©2014 Ringgold, Inc., Portland, OR (protoview.com)

Although integrating security into the design of applications has proven to deliver resilient products, there are few books available that provide guidance on how to incorporate security into the design of an application. Filling this need, Security for Service Oriented Architectures examines both application and security architectures and illustrates the relationship between the two.

Supplying authoritative guidance on how to design distributed and resilient applications, the book provides an overview of the various standards that service-oriented and distributed applications leverage, including SOAP, HTML 5, SAML, XML Encryption, XML Signature, WS-Security, and WS-SecureConversation. It examines emerging issues of privacy and discusses how to design applications within a secure context, providing the understanding of these technologies needed to make intelligent decisions regarding their design.

This complete guide to security for web services and SOA considers the malicious user story: the abuses and attacks against applications, presented as examples of how design flaws and oversights have subverted the goal of providing resilient business functionality. It reviews recent research on access control for simple and conversation-based web services, advanced digital identity management techniques, and access control for web-based workflows.

Filled with illustrative examples and analyses of critical issues, this book provides both security and software architects with a bridge between software and service-oriented architectures and security architectures, with the goal of providing a means to develop software architectures that leverage security architectures.

It is also a reliable source of reference on Web services standards. Coverage includes the four types of architectures, implementing and securing SOA, Web 2.0, other SOA platforms, auditing SOAs, and defending and detecting attacks.

Preface ix
In Gratitude xi
Chapter 1 Introduction 1(2)
Chapter 2 Four Kinds Of Architectures 3(62)
2.1 Architecture 3(1)
2.2 Infrastructure 4(5)
2.3 Software Architectures 9(13)
2.3.1 Key Principles 10(3)
2.3.2 Presentation Layer 13(2)
2.3.3 Business Layer 15(1)
2.3.4 Data Layer 16(3)
2.3.5 Workflow 19(1)
2.3.6 Communications and Messaging 20(1)
2.3.7 Service Layer 21(1)
2.4 Service-Oriented Architecture 22(8)
2.4.1 Distributed Computing and Services 23(2)
2.4.2 Process-Oriented SOA 25(2)
2.4.3 Web Services or an Externally Focused SOA 27(3)
2.4.4 Enterprise Service Bus 30(1)
2.5 Security Architecture 30(31)
2.5.1 Construction of a Security Architecture 33(1)
2.5.2 Risk Management 34(2)
2.5.3 Organization and Management 36(1)
2.5.4 Third Parties 37(1)
2.5.5 Asset Management 38(1)
2.5.6 Information Classification 39(2)
2.5.7 Identity Management 41(3)
2.5.8 Security Awareness and Training 44(1)
2.5.9 Physical Security 44(1)
2.5.10 Communications and Operations Management 45(1)
2.5.11 Perimeters and Partitioning 46(2)
2.5.12 Access Control 48(1)
2.5.13 Authentication 48(2)
2.5.14 Authorization 50(1)
2.5.15 Separation of Duties 51(1)
2.5.16 Principles of Least Privilege and Least Authority 51(1)
2.5.17 Systems Acquisition, Development, and Maintenance 52(1)
2.5.18 Confidentiality Models 52(1)
2.5.18.1 Lattice Models 52(1)
2.5.19 Nonrepudiation 53(1)
2.5.20 Integrity Models 53(1)
2.5.21 Service Clark-Wilson Integrity Model 54(4)
2.5.22 Security Assessments and Audits 58(1)
2.5.23 Incident Management 58(1)
2.5.24 Business Continuity 59(1)
2.5.25 Compliance 60(1)
2.6 Data Architectures 61(4)
Chapter 3 Implementing And Securing SOA 65(184)
3.1 Web Services 65(1)
3.2 Extensible Markup Language 66(21)
3.2.1 Signing XML 68(6)
3.2.1.1 XML Digital Signature 68(6)
3.2.2 XML Encryption 74(5)
3.2.3 Key Management 79(3)
3.2.3.1 Key Information 79(1)
3.2.3.2 Location 79(1)
3.2.3.3 Validation 80(1)
3.2.3.4 Binding 80(1)
3.2.3.5 Key Registration 80(2)
3.2.4 XML and Databases 82(1)
3.2.4.1 A Database Query Language for XML 82(1)
3.2.4.2 XML Databases 83(1)
3.2.5 UDDI 83(1)
3.2.6 WSDL 84(3)
3.3 SOAP 87(12)
3.3.1 SOAP Roles and Nodes 89(1)
3.3.2 SOAP Header Blocks 90(1)
3.3.3 SOAP Fault 90(1)
3.3.4 SOAP Data Model 91(1)
3.3.5 SOAP Encoding 91(1)
3.3.6 Bindings 92(1)
3.3.7 Documents and RPC 93(2)
3.3.8 Messaging 95(4)
3.4 WS-Security 99(96)
3.4.1 WS Trust 107(9)
3.4.2 WS-Policy 116(13)
3.4.3 WS-SecureConversation 129(4)
3.4.4 WS-Privacy and the P3P Framework 133(11)
3.4.4.1 Policies 135(9)
3.4.5 WS-Federation 144(29)
3.4.5.1 Pseudonyms 153(9)
3.4.5.2 Authorization 162(11)
3.4.6 Authorization without WS-Federation 173(5)
3.4.7 WS-Addressing 178(5)
3.4.8 WS-ReliableMessaging 183(8)
3.4.9 WS-Coordination 191(2)
3.4.10 WS Transaction 193(2)
3.5 SAML 195(49)
3.5.1 Assertions 197(8)
3.5.2 Protocol 205(9)
3.5.2.1 Assertion Query and Request Protocol 207(2)
3.5.2.2 Authentication Request Protocol 209(3)
3.5.2.3 Artifact Resolution Protocol 212(1)
3.5.2.4 Name Identifier Management Protocol 212(1)
3.5.2.5 Single-Logout Protocol 213(1)
3.5.2.6 Name Identifier Mapping Protocol 214(1)
3.5.3 Authentication Context 214(4)
3.5.4 Bindings 218(8)
3.5.5 Profiles 226(3)
3.5.6 Metadata 229(11)
3.5.7 Versions 240(1)
3.5.8 Security and Privacy Considerations 241(3)
3.6 Kerberos 244(2)
3.7 x509v3 Certificates 246(1)
3.8 OpenID 246(3)
Chapter 4 WEB 2.0 249(4)
4.1 HTTP 249(1)
4.2 REST 250(1)
4.3 WebSockets 251(2)
Chapter 5 Other SOA Platforms 253(18)
5.1 DCOM 253(1)
5.2 CORBA 253(1)
5.3 DDS 254(1)
5.4 WCF 255(1)
5.5 .Net Passport, Windows LiveID 256(1)
5.6 WS-BPEL 257(14)
Chapter 6 Auditing Service-Oriented Architectures 271(20)
6.1 Penetration Testing 272(19)
6.1.1 Reconnaissance 272(5)
6.1.2 Injection Attacks 277(1)
6.1.3 Attacking Authentication 278(6)
6.1.4 Attacking Authorization 284(2)
6.1.5 Denial-of-Service Attacks 286(1)
6.1.6 Data Integrity 286(2)
6.1.7 Malicious Use of Service or Logic Attacks 288(1)
6.1.8 Poisoning XML Schemas 289(2)
Chapter 7 Defending And Detecting Attacks 291(6)
7.1 SSL/TLS 291(3)
7.2 Firewalls, IDS, and IPS 294(3)
Chapter 8 Architecture 297(20)
8.1 Example 1 297(3)
8.2 Example 2 300(5)
8.3 Example 3 305(2)
8.4 Example 4 307(10)
Bibliography 317(6)
Index 323

Walt Williams, CISSP, CEH, CPT has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group, and EMC. He has since moved to security management, where he now manages security at Lattice Engines. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides on risk management as the cornerstone of a security architecture. Mr. Williams' articles on security and service-oriented architecture have appeared in the Information Security Management Handbook. He sits on the board of directors for the New England ISSA chapter and is a member of the program committee for Metricon. He has a master's degree in anthropology from Hunter College.