Penetration Testing mailing list archives

WS Security


From: auto176251 () hushmail com
Date: Mon, 15 Dec 2008 11:42:33 +0000

Hi there,

I need to identify all the associated risks of WS exposure to the 
internet and intranet, and the ways to mitigate them. From what 
I've tested and learned over the years, the risks are:

WSDL Probing
Brute Forcing the XML Parser
Malicious Content
External References Attacks
SOAP Attacks

The way to mitigate this without buying one of those expensive XML 
appliances is making sure developers validate all input (as it was 
for the webapps), an almost impossible task IMHO.

If any of you has pointers to some documents that systematically 
point out all the risks and alternative ways to mitigate them it 
would help me a lot.

Thanks.
