Penetration Testing mailing list archives
WS Security
From: auto176251 () hushmail com
Date: Mon, 15 Dec 2008 11:42:33 +0000
Hi there,

I need to identify all the associated risks of WS exposure to the internet and intranet, and the ways to mitigate them.

From what I've tested and learned over the years, the risks are:

- WSDL Probing
- Brute Forcing the XML Parser
- Malicious Content
- External References Attacks
- SOAP Attacks

The way to mitigate this without buying one of those expensive XML appliances is making sure developers validate all input (as it was for the webapps), an almost impossible task IMHO.

If any of you has pointers to some documents that systematically point out all the risks and alternative ways to mitigate them, it would help me a lot.

Thanks.
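An added example, not part of the original post: one way to apply the input validation mentioned above centrally, before any service code runs, by screening each raw SOAP request for a DOCTYPE (external references) and for oversized or deeply nested bodies (parser exhaustion). The function name, the limits and the sample messages are assumptions made for illustration, and SOAP 1.1 is assumed.

```python
import xml.parsers.expat

SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Limits are assumed values for illustration; tune them per service.
MAX_BYTES, MAX_DEPTH, MAX_ELEMENTS = 64 * 1024, 32, 5000


class Rejected(Exception):
    """Raised from parser callbacks to abort parsing early."""


def screen_soap(body: bytes):
    """Return (accepted, reason) for a raw SOAP 1.1 request body."""
    if len(body) > MAX_BYTES:
        return False, "message too large"
    depth = count = 0

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # No DOCTYPE means no DTD, no entity definitions, no external references.
        raise Rejected("DOCTYPE not allowed")

    def on_start(name, attrs):
        nonlocal depth, count
        depth += 1
        count += 1
        if depth == 1 and name != SOAP11_NS + " Envelope":
            raise Rejected("root is not a SOAP Envelope")
        if depth > MAX_DEPTH:
            raise Rejected("nesting too deep")
        if count > MAX_ELEMENTS:
            raise Rejected("too many elements")

    def on_end(name):
        nonlocal depth
        depth -= 1

    # With a namespace separator, expat reports names as "<uri> <localname>".
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(body, True)
    except Rejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError:
        return False, "not well-formed XML"
    return True, "ok"


# Constructed sample inputs (not taken from any real service).
GOOD = (b'<s:Envelope xmlns:s="' + SOAP11_NS.encode()
        + b'"><s:Body><getQuote/></s:Body></s:Envelope>')
WITH_DTD = b'<!DOCTYPE Envelope SYSTEM "http://example.invalid/ext.dtd">' + GOOD
```

A screen like this covers only the structural risks in the list; schema validation of the message contents still has to happen per operation.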