Hackers of India

Web Service Vulnerabilities

By Nish Bhalla on 30 Mar 2007 @ Blackhat

Abstract

Security has become the limiting reagent in the broad adoption of web services. As a result, much emphasis has been placed on the development of various high-level security standards and protocols, but in most cases the simplest attacks, those at the application level, have been neglected.

Nish Bhalla of Security Compass will explore, at a low level, the vulnerabilities inherent to web services from an attacker’s point of view. The talk covers the dependency of web services on XML, the various forms of XML-based attacks, including exploiting parsers and validators, and finally provides recommendations and countermeasures.

This talk is intended for developers and web application architects. It drills down to the details of web services implementation, while maintaining a focus on good versus bad architectural design.