 

Making A Webservice Secure

I'm wrapping up my iPhone app. I'm just worried about security at our web server level. The data is being pulled over to the iPhone app via web services.

What security measures can I put on the web services so that I am not vulnerable?

Thanks

Matt asked Aug 17 '10 20:08



1 Answer

A few pointers:

  • Verify all requests from the Web Service using RSA signed XML
  • Make sure everything is transmitted over SSL
  • Encrypt all data traffic. I recommend looking into the DUKPT key management system, using AES encryption.
  • Use WCF - It is the latest standard after all (also this)
  • Use some sort of web service authentication. This can be as simple as every request needing a username and password to be valid. This will slow down direct call attempts, and if you get the encryption right, you won't have to have the usernames and passwords in plain XML.
  • The most important thing is to make sure the server itself is secure. If someone cracks the server, you're dead in the water, never mind what else you do.

EDIT:

Have a look at this question for iPhone to .NET AES Interoperability.

Kyle Rosendo answered Oct 19 '22 23:10

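The request-authentication point in the answer can be met without putting the password in each request: the client signs every request with a per-user secret, and the server checks the signature, a freshness window and a one-time nonce. The Python below is an added example, not code from the answer; it uses HMAC-SHA256 rather than the RSA-signed XML the answer mentions, and the user store, field names and 300-second window are assumptions. It is meant to run over SSL, as the answer says.

```python
import hashlib
import hmac
import time

# Constructed sample credential store: username -> per-user secret key.
# Assumption: the key is provisioned to the app at login, never hard-coded.
USER_KEYS = {"matt": b"constructed-demo-key-0123456789"}
MAX_SKEW = 300        # seconds a request timestamp may differ from server time
_seen_nonces = {}     # (user, nonce) -> expiry time, used to reject replays


def sign_request(user, key, method, path, body, timestamp, nonce):
    """Client side: MAC over every field the server will act on."""
    body_hash = hashlib.sha256(body).hexdigest()
    msg = "\n".join([user, method, path, body_hash, str(timestamp), nonce])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def verify_request(user, method, path, body, timestamp, nonce, signature, now=None):
    """Server side: returns (ok, reason). The secret never crosses the wire."""
    now = time.time() if now is None else now
    key = USER_KEYS.get(user)
    if key is None:
        return False, "unknown user"
    if abs(now - timestamp) > MAX_SKEW:
        return False, "stale timestamp"
    expected = sign_request(user, key, method, path, body, timestamp, nonce)
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    # Forget nonces whose timestamp window has closed, then reject reuse.
    for k in [k for k, exp in _seen_nonces.items() if exp < now]:
        del _seen_nonces[k]
    if (user, nonce) in _seen_nonces:
        return False, "replayed request"
    _seen_nonces[(user, nonce)] = timestamp + MAX_SKEW
    return True, "ok"


if __name__ == "__main__":
    body = b'{"q": "orders"}'  # constructed sample request body
    ts = int(time.time())
    sig = sign_request("matt", USER_KEYS["matt"], "POST", "/api/orders", body, ts, "n-1")
    print(verify_request("matt", "POST", "/api/orders", body, ts, "n-1", sig))
    print(verify_request("matt", "POST", "/api/orders", body, ts, "n-1", sig))
```

Because the nonce is only recorded after the signature checks out, an unauthenticated caller cannot fill the replay cache with junk entries.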