A framework for multi-platform SOA security analyses

Abstract

The myriad of SOA platforms and the complexity of the Web Services standards has meant that it is difficult for users to ensure that their deployments are appropriately secure. Despite the compilation of various SOA security "best practices", detecting violations of such practices has proven difficult. To address this need, we developed a tool that can analyze the deployment configurations of multiple SOA platforms and report potential SOA best practice violations. In this paper, we compare, contrast and categorize SOA platforms, and describe the analysis challenges posed by each category. We describe our framework architecture for our multi-platform analyses, and further describe our prototype implementation of this architecture. © 2007 IEEE.