“Security for Service Oriented Architectures”, Walter Williams, 2014,
%A Walter Williams email@example.com
%C #300 – 6000 Broken Sound Parkway NW, Boca Raton, FL 33487-2742
%G 978-1466584020 1466584025
%I CRC Press
%O U$61.97 800-272-7737 http://www.bh.com/bh/
%O Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 329 p.
%T “Security for Service Oriented Architectures”
Walt Williams is one of the sporadic, but thoughtful, posting members of the international CISSP Forum. He has come up with a significant text on an important topic.
After some preface and introduction, the book starts in chapter two, defining the four kinds of architecture in computer systems: infrastructure, software, data, and security. This chapter covers foundational concepts, as well as service oriented architecture SOA), and is, alone, worth the price of the book.
Chapter three, on implementation, comprises the bulk of the space in the work, and is primarily of interest to those dealing with development, although it does have a number of points and observations of use to the manager or security practitioner. “Web 2.0” (chapter four) has some brief points on those advanced usages. A variety of additional SOA platforms are examined in chapter five. Chapter six, on the auditing of SOA applications, covers not only the how, but also notes specific types of attacks, and the most appropriate auditing tools for each case. Much the same is done, in terms of more general protection, in chapter seven. Chapter eight, simply entitled “Architecture,” finishes off with sample cases.
It is an unfortunate truism that most security professionals do not know enough about programming, and most programmers don’t care anything about security. This is nowhere truer than in service oriented architecture and “the cloud,” where speed of release and bolt-on functionality trumps every other consideration. Williams’ work is almost alone in a badly under-served field. Despite a lack of competition, it is a worthy introduction. I can recommend this book to anyone involved in either security or development, particularly those working in that nebulous concept known as “the cloud.”
copyright, Robert M. Slade 2015 BKSECSOA.RVW 20150130