Home page logo
/

pen-test logo Penetration Testing mailing list archives

WS Security
From: auto176251 () hushmail com
Date: Mon, 15 Dec 2008 11:42:33 +0000

Hi there,

I need to identify all the associated risk of ws exposure to the 
internet and intranet, and the ways to mitigate them. From what 
i've tested and learned over the years, the risks are:

WSDL Probing
Brute Forcing the XML Parser
Malicious Content
External References Attacks
SOAP Attacks

The ways to mitigate this without buying one of those expensive XML 
appliances, is making sure developers validate all input (as it was 
for the webapps), an almost impossible task IMHO.

If any of you has pointers to some documents that systematically 
point out all the risks and alternative ways to mitigate them it 
would help me a lot.

Thanks.

--
Click to become a master chef, own a restaurant and make millions.
 http://tagline.hushmail.com/fc/PnY6qxtWo9TxmvQTJtuabE4ZMDCybt3dk1NTOIbqc77dWg6nwW2fD/


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault