Service Orientated Architecture (SOA) Security

Recently, I’ve been doing a fair amount of work in the SOA area. It’s funny how many folks want to expose ancient code directly to untrusted third parties. All is not well in the SOA space, and it’s important to understand the risk of web service enabling calls to “trusted” systems. That code is generally […]

PHP Security Architecture: SABSA approach

There are only a few acknowledged industry security architectures. SABSA (best documented in Enterprise Security Architecture by Sherwood, Clark and Lynas) is probably the best known. The various artifacts from this architecture include: Each of these layers needs to be thought about in a considered way: (Business) Drivers Why do you want X / How […]

PHP Security Architecture – Contextual Overview

Overview: The problem with PHP is that it has no security architecture. What do I mean by security architecture? A single pervasive vision for security, which will last for approximately five years with little or no design maintenance. A robust security architecture creates a balance between functionality and risk, and ensures that by default, simple […]