[Owasp-leaders] Web Service Cheaters!

Thomas Brennan tomb at owasp.org
Fri Oct 7 01:19:03 EDT 2011


International translation efforts of projects are the talk of the town at APPSECLATAM 2011


On Oct 7, 2011, at 12:12 AM, mark curphey wrote:

> Great stuff. Some notes on sections as I digest it
> 
> Server Auth
> 
> Server Authentication
> 
> Transport level authentication verifies the identity of the user or the system trying to connect to the service. Usually, transport authentication is a function of the container of the web service.
> Rule - Basic Authentication has to be conducted using HTTP over SSL 
> Rule - Client Certificate Authentication using HTTP over SSL to be used if the client and server need to authenticate each other
> 
> Notes
> It's called Server auth but talks about user auth, which might be a little confusing.
> Is it worth describing mutual TLS auth (or clarifying that there is client auth, server auth and mutual auth options) under the client cert auth?
> I think the basic auth rule should read "Basic HTTP AuthN should be over TLS/SSL"?
> 
> Great stuff, more notes to come...
> 
> 
> 
> On Oct 6, 2011, at 8:52 PM, Jim Manico wrote:
> 
>> Hello Leaders,
>> 
>> We just pushed our first version of the Web Service Security cheat sheet here:
>> 
>> https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet
>> 
>> Thanks to Gunnar Peterson for getting us started, to Sherif Koussa for driving it home, and to the many others who helped provide content and suggestions.
>> 
>> I would be very grateful if the web service security experts in our community would take a peek (it's a fast read) and provide comments.
>> 
>> Thanks all,
>> 
>> -- 
>> Jim Manico
>> 
>> Connections Committee Chair
>> Cheatsheet Series Product Manager
>> OWASP Podcast Producer/Host
>> 
>> jim at owasp.org
>> www.owasp.org
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 


