Risk mitigation design rules
We did not set out to cover every possible vulnerability and attack; you can study them at OWASP and other resources. The ones discussed here are sufficient to devise your battle plan and gather the critical requirements for protecting your SOA. Clearly, no single tool can cover 100 percent of the risks, but from the risk table you can see that Service Perimeter Guard is the top pattern for addressing most SOA-related risks. Together with proper service design, an identity management system, security token services, and Policy Studio, this pattern, materialized as the Secure Gateway, will be our first line of defense.
Using the codes for vulnerabilities and attack types from the classification discussed earlier, we will compose our security battle map: a security heat map laid over the blueprint of SOA components and technical infrastructure, in which we link the existing service domains with the predefined codes. The goal is to identify the critical nodes in our infrastructure and assess how feasible it is to apply the core SOA patterns to them. We will use the CTU telecom example from the previous chapters, but its SOA infrastructure is typical of any enterprise. The level of detail in this block diagram will ultimately define the precision of the protection assessment, so it is in your own interest to make it as complete and comprehensive as possible. What is presented in the next figure is just a starting point; you should expand it for every layer, with a clear definition of the overlapping sections (the areas an attacker will try first).
We have already placed Oracle's strategic products in the appropriate places, including the Service Gateway, Entitlement, and Identity Management Suite. Bear in mind that most vulnerabilities are inherited from poor service design, and that fact is hard to visualize on the heat map; refer to peer review reports for it.
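The heat-map construction described above can be mechanized so that the "hottest" nodes, the best-covering pattern, and the design-level exposures that no pattern removes fall out of the same blueprint data. The script below is an added example, not code from the book or from Oracle; the vulnerability codes, severities, pattern assignments, and the blueprint nodes are constructed placeholders standing in for the classification and the CTU diagram, which are not reproduced on this page. Nodes that span more than one layer are treated as the overlapping sections and weighted accordingly.

```python
"""Security battle map: score SOA blueprint nodes against a vulnerability
classification and find the pattern that covers the most exposures.

Added example. Codes, severities, patterns and nodes are constructed
placeholders (assumptions), not the book's classification or blueprint."""
from collections import Counter

# Constructed risk table: code -> (description, severity 1..5, patterns that
# mitigate it). An empty pattern set marks a risk rooted in service design
# that no infrastructure pattern removes; it must go to peer review instead.
RISK_TABLE = {
    "V01": ("XML/SOAP injection", 5, {"Service Perimeter Guard", "Message Screening"}),
    "V02": ("Message replay", 4, {"Service Perimeter Guard", "Brokered Authentication"}),
    "V03": ("Unauthorised invocation", 5, {"Service Perimeter Guard", "Trusted Subsystem"}),
    "V04": ("Message flooding (DoS)", 4, {"Service Perimeter Guard"}),
    "V05": ("Data leakage in transit", 3, {"Data Confidentiality"}),
    "V06": ("Over-exposed service contract", 4, set()),
}

# Constructed blueprint: node -> (layers the node sits on, applicable codes).
# A node on several layers is an overlapping section of the diagram.
BLUEPRINT = {
    "Secure Gateway":  ({"DMZ", "Integration"}, {"V01", "V02", "V03", "V04"}),
    "Service Bus":     ({"Integration"}, {"V01", "V03", "V05"}),
    "Billing Service": ({"Business"}, {"V03", "V06"}),
    "CRM Adapter":     ({"Integration", "Business"}, {"V01", "V05", "V06"}),
    "Identity Mgmt":   ({"Integration", "Security"}, {"V02", "V03"}),
}


def node_heat(blueprint=BLUEPRINT, risk_table=RISK_TABLE):
    """Heat per node: summed severity of its applicable codes, multiplied by
    the number of layers it spans (overlaps are what an attacker tries first)."""
    heat = {}
    for node, (layers, codes) in blueprint.items():
        severity = sum(risk_table[code][1] for code in codes)
        heat[node] = severity * len(layers)
    return heat


def critical_nodes(blueprint=BLUEPRINT, risk_table=RISK_TABLE, top=3):
    """The hottest nodes, hottest first; ties broken by name for stability."""
    heat = node_heat(blueprint, risk_table)
    return sorted(heat, key=lambda n: (-heat[n], n))[:top]


def pattern_coverage(blueprint=BLUEPRINT, risk_table=RISK_TABLE):
    """Count the (node, code) exposures each pattern mitigates."""
    cover = Counter()
    for _, (_, codes) in blueprint.items():
        for code in codes:
            for pattern in risk_table[code][2]:
                cover[pattern] += 1
    return cover


def top_pattern(blueprint=BLUEPRINT, risk_table=RISK_TABLE):
    """The pattern that addresses the largest number of exposures."""
    cover = pattern_coverage(blueprint, risk_table)
    return max(cover, key=lambda p: (cover[p], p))


def uncovered_exposures(blueprint=BLUEPRINT, risk_table=RISK_TABLE):
    """(node, code) pairs no pattern addresses: design flaws for peer review."""
    return sorted((node, code)
                  for node, (_, codes) in blueprint.items()
                  for code in codes
                  if not risk_table[code][2])


if __name__ == "__main__":
    heat = node_heat()
    for node in critical_nodes():
        print(f"{node:16} heat={heat[node]}")
    print("top pattern:", top_pattern(), dict(pattern_coverage()))
    print("needs peer review:", uncovered_exposures())
```

With the constructed data the gateway comes out hottest because it sits on two layers and carries every perimeter-facing code, Service Perimeter Guard covers the most exposures, and the two V06 entries surface as the design-level items the heat map cannot fix on its own. Swapping in the real classification and blueprint changes the numbers, not the method.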