XML Security [Paperback]

Blake Dournaee (Author)

Book Description

ISBN-10: 0072193999 | ISBN-13: 978-0072193992 | Publication Date: February 6, 2002 | Edition: 1

Use this book as both an XML primer and to get up to speed on XML-related security issues. Written by the experts at RSA Security, Inc., you’ll get inside tips on how to prevent denial of service attacks, and how to implement security measures to keep your XML programs protected.

Editorial Reviews

From the Back Cover

Keep XML applications and documents secure with help from the leading authority in e-security

Get up to speed on XML and applied security technologies using this authoritative guide. Covering the fundamentals of XML structures and related security technologies--including XML signatures, XML encryption, and the XML key management specification--this resource contains both the conceptual information and the practical techniques you need to successfully work with this data-structuring language. You'll learn how to implement RSA Security's product CertJ--which secures Java- and XML-based applications--and get advice for preventing against denial of service attacks and other security violations. Written by a member of RSA Security's developer support team, this definitive book gives you all the knowledge you need to keep XML-based programs and documents digitally secure.

• Learn to implement a solid XML security system using the latest technologies
• Use the book as both a security and XML primer
• Review schemas, DTDs, Xpointers, XSLT, namespaces, and more
• Learn about the various signature types--such as enveloped, enveloping, and detached
• Understand the structure, syntax, and processing rules of XML signature types
• Examine the need for an XML key management system (XKMS)
• Counteract specific security breaches--including denial of service and replay attacks
• Find out about recent W3C XML security standards
• Implement CERTJ--RSA's product which ensures security for Java and XML-based programs
• See how data privacy can be applied to XML structures via encryption

Protect your XML-based programs and improve security with the most authoritative guide to XML security available.

For more information on RSA Press titles, please visit www.rsapress.com

About the Author

Blake Dournaee joined RSA Security's developer support team in 1999, specializing in support and training for the BSAFE line of cryptographic toolkits. As part of current duties at RSA he is part of the CERTJ development team, which enables Java and XML programs to be digitally secure.

Product Details

• Paperback: 379 pages
• Publisher: McGraw-Hill Osborne Media; 1 edition (February 6, 2002)
• Language: English
• ISBN-10: 0072193999
• ISBN-13: 978-0072193992
• Product Dimensions: 9.3 x 7.5 x 0.9 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #1,516,159 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

4.0 out of 5 stars Excellent book on XML security, September 30, 2002

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: XML Security (Paperback)

When you read the XML specification, you will notice that it contains no notion of security. Critical security functionalities such as encryption, digital signatures, and authentication are simply not part of the XML standard. XML is similar to many other protocols, languages, and operating systems in that it was originally developed without any thought to security and privacy. It is only after serious security vulnerabilities are discovered and publicized that they are patched. But this find, patch, fix mentality of information security is dangerous in that security problems can exist for months or years before they are found.

Similarly within XML, much of the security functionality has been added post- facto, namely in Canonical XML, XML Signature, and XML Encryption Syntax and Processing. By adding security to the core feature set of XML, the W3C has ensured that,
to a degree, the find, patch, fix method won't be the manner in which XML security is developed. A good reference book can help you navigate this XML security landscape.

XML Security is a reader friendly title and focuses more on the implementation of XML. For readers looking for ways to use XML and less coding examples, XML Security is more useful book. The author, Blake Dournaee, is an employee of RSA Security, and the book is an RSA Press imprint. Furthermore, Chapter 8, the book's longest chapter, is about XML Signatures implementing the RSA BSAFE(c) Cert-J toolkit. Even with the RSA vendor bias, XML Security provides a good reference to the XML security functionality.

This book spends more time introducing the reader to security concepts, and Chapters 2 and 3 (Security Primer and XML Primer) provide the reader with a good overview about all of the significant concepts involved. Chapter 6 provides a plethora of XML signature examples. As XML signatures are rich in their features and syntax, combined with the vast number of elements and permutations of those elements, it can be quite difficult for someone to understand how to properly use XML signatures. Chapter 6 provides 14 different scenarios and their proposed solutions. These scenarios range from adding a single signature to a basic XML document, to adding multiple types of signatures to various documents. For readers who need good hands-on examples, Chapter 6 is worth the price of the book alone.

3 of 3 people found the following review helpful:

5.0 out of 5 stars Slight vendor bias - excellent info + W3C spec coverage, June 30, 2002

By 

Mike Tarrani "www.tarrani.com" (Deltona, FL USA) - See all my reviews
(COMMUNITY FORUM 04)    (REAL NAME)   

This review is from: XML Security (Paperback)

Given the fact that XML is a key component of web services, and extensively used in e-commerce and enterprise applications integration, this book addresses a genuinely important topic. For one reason, XML is text-based and can expose proprietary information, which is a vulnerability for competitive intelligence specialists and corporate spying.

Before going into what the book contains it's important to know that much of the material is based on RSA's view of the security. This isn't a criticism, but an up-front statement of fact because if you're looking for a book that is 100% vendor neutral you are going to have to wait until one is written - this is the only book I know of that is solely about XML security.

The book starts with primers on security and XML to set the context. It then covers, in succession, digital signatures (chapters 4, 5 and 6), and XML encryption. These chapters are consistent with work and specifications produced by XML Signature WG (joint the Working Group IETF and W3C for digital signatures) and the W3C working group for XML Encryption.

Chapter 8 is specific to RSA products. It shows how to implement XML encryption using RSA BSAFE© Cert-J, which can be downloaded in a trial version from RSA's website. Chapter 9 covers XML key management specification, which are consistent with the W3C working group's specifications, and how XML security relates to web services.

Despite the slight bias towards RSA this book is an invaluable reference. It provides an in-depth discussion of major security issues, as well as how they are being addressed by the W3C. It goes without saying that anyone who is responsible for system architecture, design and/or security should carefully read this book.

4.0 out of 5 stars Application specific content, September 27, 2004

By 

Thomas Jones (www.rootdocument.com) - See all my reviews
(REAL NAME)   

This review is from: XML Security (Paperback)

The above book is full of information with regards to XML Security and it's implementations. However, I found it to be VERY application oriented towards RSA's own Bsafe product Cert-J.

If you are interested in utilizing a C or C++ parser you should look for a different book. But, if you will be developing and/or utilizing XML via a Java-based program; this is definitly the book for you.