XML Web Services Security and Web-based Application Security
- XML web services operate over standard protocols and technologies
  - XML, HTTP, TCP/IP, SMTP
  - The de facto transport today is the HTTP protocol
- Web-based services: the vulnerabilities lie within the infrastructure
  - e.g. once a web application is published, the entire world is invited to send it HTTP requests
  - attacks can be buried inside those requests and pass through firewalls, filters, the platform and intrusion detection
- Defenses used can be parameter validation on:
  - The data type (string, integer, real, etc.)
  - Allowable character set
  - Minimum and maximum length
  - Whether a null is allowed or not
  - Whether the parameter is required or not
  - Whether duplicates are allowed
  - Numeric ranges, enumerated values, specific patterns
  - etc.
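As an added example (not part of the original notes), here is a small allow-list parameter validator in Python that applies each of the checks listed above to a decoded HTTP query or form. The rule set, field names, limits and the two sample requests are constructed for illustration; a null is modelled as a Python `None` (as it would arrive from a JSON body), and a parameter repeated in the query string (`?id=1&id=2`) is what the duplicate check rejects.

```python
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Sequence
from urllib.parse import parse_qs


@dataclass
class Rule:
    """One parameter's validation policy (constructed for this example)."""
    kind: str                             # data type: "string", "integer" or "real"
    required: bool = True                 # must the parameter be present?
    nullable: bool = False                # is an explicit null (None) allowed?
    min_len: Optional[int] = None         # minimum / maximum length (strings)
    max_len: Optional[int] = None
    charset: Optional[str] = None         # regex character class every char must match
    pattern: Optional[str] = None         # specific full-match pattern
    min_val: Optional[float] = None       # numeric range (integer / real)
    max_val: Optional[float] = None
    enum: Optional[Sequence[Any]] = None  # enumerated allowed values
    allow_duplicates: bool = False        # repeated occurrences of the parameter


# Stricter than int()/float(): no surrounding whitespace, "+", "_" or exponents.
_INT_RE = re.compile(r"-?[0-9]+")
_REAL_RE = re.compile(r"-?[0-9]+(\.[0-9]+)?")


def _check_one(name: str, raw: Any, rule: Rule) -> List[str]:
    """Validate a single occurrence of a parameter; returns a list of problems."""
    if raw is None:
        return [] if rule.nullable else [f"{name}: null not allowed"]
    if not isinstance(raw, str):
        return [f"{name}: expected text input"]

    value: Any = raw
    errs: List[str] = []
    if rule.kind == "integer":
        if not _INT_RE.fullmatch(raw):
            return [f"{name}: not an integer"]
        value = int(raw)
    elif rule.kind == "real":
        if not _REAL_RE.fullmatch(raw):
            return [f"{name}: not a real number"]
        value = float(raw)
    elif rule.kind != "string":
        raise ValueError(f"unknown kind {rule.kind!r}")

    if rule.kind == "string":
        if rule.min_len is not None and len(raw) < rule.min_len:
            errs.append(f"{name}: shorter than {rule.min_len}")
        if rule.max_len is not None and len(raw) > rule.max_len:
            errs.append(f"{name}: longer than {rule.max_len}")
        if rule.charset is not None and not re.fullmatch(f"(?:{rule.charset})*", raw):
            errs.append(f"{name}: disallowed characters")
        if rule.pattern is not None and not re.fullmatch(rule.pattern, raw):
            errs.append(f"{name}: does not match required pattern")
    else:
        if rule.min_val is not None and value < rule.min_val:
            errs.append(f"{name}: below {rule.min_val}")
        if rule.max_val is not None and value > rule.max_val:
            errs.append(f"{name}: above {rule.max_val}")
    if rule.enum is not None and value not in rule.enum:
        errs.append(f"{name}: not one of the allowed values")
    return errs


def validate(params: Dict[str, List[Any]], rules: Dict[str, Rule]) -> List[str]:
    """Validate a decoded request ({name: [value, ...]}) against an allow-list of rules.
    Parameters with no rule are rejected rather than silently passed through."""
    errs: List[str] = []
    for name in params:
        if name not in rules:
            errs.append(f"{name}: unexpected parameter")
    for name, rule in rules.items():
        if name not in params:
            if rule.required:
                errs.append(f"{name}: required")
            continue
        values = params[name]
        if len(values) > 1 and not rule.allow_duplicates:
            errs.append(f"{name}: duplicate values")
            continue
        for raw in values:
            errs.extend(_check_one(name, raw, rule))
    return errs


# Constructed rule set for a hypothetical account form.
RULES = {
    "username": Rule("string", min_len=3, max_len=32, charset=r"[A-Za-z0-9_]"),
    "age": Rule("integer", required=False, min_val=0, max_val=150),
    "role": Rule("string", enum=("user", "admin")),
    "zip": Rule("string", required=False, pattern=r"[0-9]{5}(-[0-9]{4})?"),
    "tag": Rule("string", required=False, max_len=10, allow_duplicates=True),
}

# Constructed sample requests: one well-formed, one violating several rules.
GOOD = parse_qs("username=alice_1&age=30&role=user&tag=a&tag=b", keep_blank_values=True)
BAD = parse_qs("username=al%27&age=1e3&role=root&role=user&zip=1234&extra=1",
               keep_blank_values=True)

if __name__ == "__main__":
    print("good:", validate(GOOD, RULES))   # []
    print("bad:", validate(BAD, RULES))     # five problems, one per violated rule
```

The validator is deliberately an allow-list: anything not described by a rule is rejected, and numeric parsing uses its own regexes because Python's `int()` and `float()` accept inputs (leading whitespace, underscores, exponents) that a policy of "digits only" would not.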
Discussion Questions:
- What web-based services do you use most commonly in your day-to-day operations?
- Have you encountered a situation where a web-based vulnerability was exploited?