Techniques in Attacking and Defending XML/Web Services

Mamoon Yunus and Jason Macy gave this presentation with an overview of XML/Web services and how the usual security rules apply to this area.

Review of the problems with XML/Web services

XML/Web services still have all the normal security problems:

  • Firewalls are not aware of the XML content
  • Malware and viruses (or XSS) can be included in the content, depending on the context in which the XML data is used
  • WSDL exposes the schema and message structure
  • Injection attacks are possible via the XML parameters
  • Data replay is still possible
  • Denial of service is still possible, especially with parameters