Hacking Web Services [With CD-ROM]

I bought this book back in 2007 after looking for a concise book on web service security. I couldn't find anything at the time that didn't provide more filler than valuable content. This book does the exact opposite. Not only does it provide valuable content that is easy to follow and not too verbose, the examples and list of tools that can be used to interrogate web services were very clear, accurate, and very beneficial for gaining a good understanding of SOAP, WSDL, etc. I highly recommend this book for any .NET or Java developer working with web services, as well as IT security professionals who do not have a programming background.

The development of web services is growing, along with security issues relating to web sites and their management - and HACKING WEB SERVICES is a recommended pick for any concerned with ongoing security issues. Intermediate to advanced security pros and developers receive a detailed look at the foundations and tools for web services security, from the evolution and historical background of their development to using the latest open source tools and techniques. From common vulnerabilities and built-in problems to handling commercial loss, HACKING WEB SERVICES also includes a cd-rom for maximum detail. Diane C. Donovan California Bookwatch

Although I dont agree that it is anything more than a minor quibble, I do agree with the other reviewer who said that the book could've used a bit more grammatical editing. Despte that, its a very good book. Its still a very real-world, informative book on web services, very indepth, and stuff I could apply to work right away. My edition, which is also a first edition, must be a later printing because Ive found NO typos that are actually content-related, just some clumsy sentences here and there.

Web Services is one of the fastest growing parts of the web. It is the standard format that allows computers to communicate with computers using the web as the communications medium. Being used largely in a business to business environment, the need for security is very high. And of course the efforts of the bad guys to break that security is also high. This book is intended for the intermediate to advanced security managers and for system developers. It provides a detailed look at web services including it's concepts, protocols, and components. This takes about one quarter of the book. It's necessary to provide the background of the web services concept upon which is built the security systems. The remainder of the book is on security. It includes known holes in the system, approaches the bad guys use, and of course mostly information that you can use to block them from getting into your system. This includes security tools that have been developed. There is a CD with the book that has demos on the tools, the working of Web Services, audit and defense methodologies. This is a book that in a good world you would never need, but if you're running web services sooner or later you'll need this information.