SOAP Web Services Attack White Paper

From: SPI Labs (spilabs_at_spidynamics.com)
Date: 11/18/03

    To: <pen-test@securityfocus.com>
    Date: Tue, 18 Nov 2003 16:48:53 -0500
    
    

    SOAP Web Services Attack - Part 1 from SPILabs of Spidynamics, Inc

    [Title]
    SOAP Web Services Attack - Part 1 Introduction and Simple injection

    [Abstract]

    The World Wide Web is being used increasingly for application-to-application
    communication, thanks to programmatic interfaces known as web services.
    In conjunction with current technology, web services are ideal for companies
    clamoring to join the e-commerce revolution.

    [Link]
    http://www.spidynamics.com/whitepapers/SOAP_Web_Security.pdf

    [Contact Information]

    spilabs@spidynamics.com
    SPI Dynamics, Inc.
    115 Perimeter Center Place N.E.
    suite 270
    Atlanta, GA. 30346
    Toll-Free Phone: (866) 774-2700

    SPI Dynamics was founded in 2000 by a team of accomplished Web security
    specialists; SPI Dynamics is the leader in Web application security
    technology. With such signature products as WebInspect, SPI Dynamics is
    dedicated to protecting companies' most valuable assets. SPI Dynamics has
    created a new breed of Internet security products for the Web application,
    the most vulnerable yet least secure component of online business
    infrastructure.

    Copyright (c) 2003 SPI Dynamics, Inc. All rights reserved worldwide.


