
NEbraskaCERT CSF Web Services






Presentation Transcript


  1. NEbraskaCERT CSF Web Services
     Matthew G. Marsh, Chief Scientist, NEbraskaCERT

  2. Overview
     • Web Services
       • What is it
       • Why is it
       • Who cares
     • Styles of Web Services
       • XML, SOAP, WSDL, UDDI
         • and other picture postcards…
       • REST
         • On easy street…
     • Architecture(z)
       • These are words with a Z this time…

  3. Web Services
     • What is it
       • Services you get over the Web
         • What s’matta – you deef… Sheesh.
       • Web – you know – that Netscape OS thingie
       • QoS – Mass entertainment
     • Why is it
       • Good buzzword for sales pitches
       • You don’t understand - Mr. Sales Puppet does!
     • Who cares
       • Your Boss read about it in an airline magazine
       • So now you care

  4. Web Services – Part Deux
     • Data Representation
       • What is the definition of data
     • Intercommunication
       • How do I manipulate data
     • Description
       • What does my data look like
     • Discovery
       • Where is my data

  5. Styles of Web Services - .1
     • XML, SOAP, WSDL, UDDI
     • XML – eXtensible Markup Language
       • Same as SGML only k3w1r
     • SOAP – Simple Object Access Protocol
       • Uh-huh – Remember ASN.1 …
     • WSDL – Web Services Description Language
       • The XML way to say “Web Site”
     • UDDI – Universal Description Discovery Integration
       • X.500 is simple by comparison

  6. Styles of Web Services - .01
     • XML – Defines your Data!
       • In a separate file of course
       • And what happens if that file is corrupt…
     • SOAP – Remember RPC – this is RPC!
       • Only better because it comes in over port 80 and you cannot tell what it is doing unless you run it.
       • Bye Bye Filtering Proxy…
     • WSDL – XML to define your Web Site
       • And what if I change one wee little bit
       • Oh naughty – don’t do that!
     • UDDI – X.500 taken to the logical extreme
       • So you know where the site is that specifies where all the other k3w1 sites are but you would not touch that… I mean that would be like making free long distance calls by whistling into the phone dude….

  7. Styles of Web Services - .2
     • REST - Representational State Transfer
       • Remember GOPHER protocol
         • Ahhh Archie and Veronica
       • What made the WWW take off back in 1991
         • URL – Uniform Resource Locator
         • HTTP – HyperText Transfer Protocol
     • The core of the WWW is the combination of a global resource location scheme using DNS (URI/URL) with a simple and easy resource consumption mechanism (HTTP).

  8. Styles of Web Services – 0xff
     • Consider how you as graphical consumer know how the web page you are looking at was created
       • No peeking at the source!!
       • Hmmm – no clue – eh?
       • Was it static or dynamic?
       • How do you tell?
     • The internal representation of a resource is IRRELEVANT!
     • So why would you want to use an externally defined, RPC driven “service” that requires a complex fat client merely to display your warez?

  9. The Answer
     Because you want to violate something! After all – Security is just a cost center

  10. Architecture
     • Traditional Web Services must only run in an n-tier environment
       • That is pronounced “ahn – tear” “ehn-virulent”

  11. Architecture - Concepts
     • n-Tier Architecture
       • Traditional separation of processing duty.
       • Similar to the concept of an exploded mainframe
         • Presentation (Green Screen)
         • Processing (COBOL)
         • DataBase (oh yuck – pick your own horror…)
       • But since this is “exploded” we can actually obtain access to the points in between
       • Even better we can slip in and reside within the middle or back systems
         • Consider the difference between a SOAP procedure to index your DB and Melissa LovinU…
         • Personally I can’t wait to see the first SOAP virii…

  12. Architecture - Concepts
     • Protection Mechanisms
       • Document your software
         • Yes – this means UML and Data Flow Diagrams
         • Unified Modeling Language
       • Good Programming and Design Practices
         • Respect GIGO
       • Leverage the Synergy of Parallelistic Realities
         • Ummm – y’know – use _lots_ of Snort probes…
       • Consider the simplest representation of the data
         • AND USE IT
       • Try to constrain data type flow
         • SOAP in – XML out
       • Understand the systematic structure
         • Strive for ISN or at least respect PoI
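As an added example (not part of the deck), the Python below makes the point of slides 6 and 12 concrete: a filtering-proxy style check that recognises SOAP RPC envelopes riding in ordinary port-80 HTTP traffic and constrains which operations are allowed through, so "Bye Bye Filtering Proxy" does not have to be the last word. The service, the operation names and the allowlist are all constructed for this example.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Hypothetical allowlist (constructed for this example; the deck names no real service).
ALLOWED_OPERATIONS = {"GetCatalogItem"}

def split_http_request(raw: str):
    """Split a raw HTTP/1.x request into (lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def soap_operation(body: str):
    """Local name of the first child of the SOAP Body, or None if the payload
    is not a SOAP 1.1 envelope. Use defusedxml in production; stdlib ET is not hardened."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return None
    soap_body = root.find(f"{{{SOAP_NS}}}Body")
    if soap_body is None or len(soap_body) == 0:
        return None
    return soap_body[0].tag.rpartition("}")[2]  # strip the "{namespace}" prefix

def classify_request(raw: str) -> str:
    """'plain-http' for ordinary web traffic, 'soap-allowed' for an allowlisted
    RPC call, 'soap-blocked' for anything SOAP-shaped that is not."""
    headers, body = split_http_request(raw)
    ctype = headers.get("content-type", "")
    soap_headers = "soapaction" in headers or ctype.startswith(
        ("text/xml", "application/soap+xml"))
    op = soap_operation(body) if body else None
    if not soap_headers and op is None:
        return "plain-http"
    return "soap-allowed" if op in ALLOWED_OPERATIONS else "soap-blocked"

def make_soap_request(op: str) -> str:
    """Constructed POST carrying a SOAP call of the given operation."""
    body = (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><{op} xmlns="urn:example">'
            f"<id>1</id></{op}></soap:Body></soap:Envelope>")
    return ("POST /service HTTP/1.1\r\nContent-Type: text/xml; charset=utf-8\r\n"
            f'SOAPAction: "urn:example#{op}"\r\n\r\n{body}')

PLAIN_REQUEST = "GET /catalog/42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
```

Anything that carries SOAP headers but does not parse as a well-formed envelope is blocked too, which is the practical answer to "you cannot tell what it is doing unless you run it".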

  13. This is The
