Book review: XML security books

Wednesday, 2 October 2002, 9:47 AM EST

When you read the XML specification, you will notice that it contains no notion of security. Critical security functionalities such as encryption, digital signatures, and authentication are simply not part of the XML standard. XML is similar to many other protocols, languages, and operating systems in that it was originally developed without any thought to security and privacy. It is only after serious security vulnerabilities are discovered and publicized that they are patched. But this find, patch, fix mentality of information security is dangerous in that security problems can exist for months or years before they are found.

Similarly within XML, much of the security functionality has been added post-facto, namely in Canonical XML, XML Signature, and XML Encryption Syntax and Processing. By adding security to the core feature set of XML, the W3C has ensured that, to a degree, the find, patch, fix method won't be the manner in which XML security is developed.

A good reference book can help you navigate this XML security landscape. A pair of recent books, "Secure XML: The New Syntax for Signatures and Encryption" and "XML Security", do a good job of showing how XML can be made secure.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.