I'm giving a talk at the RSA Conference in March about the continuing usage of XML as an attack path into Cloud services. Many Cloud services include WSDLs and XML-consuming services. Although XML has now been around a long time, attacks making use of XML are surprisingly resilient (or many not surprising at all, given that SQL Injection has also been known about for a long time). The Cloud just provides a much larger attack surface.
As I've written before, a cloud service broker is the way option to augment security and compliance in front of the Cloud service itself. But, in order to protect the "soft underbelly of the Cloud", Cloud service providers themselves will realize in time that their corporate customers would like the broker effectively baked at the edge.
So, hope to see you at RSA! This year it's earlier than usual, at the start of March, in San Francisco's Moscone Center.
Wednesday, January 20, 2010
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment