Hackers of India

Web Services - Attacks and Defense Strategies, Methods and Tools

By  Shreeraj Shah  on 06 Oct 2004 @ Hitb Sec Conf

Abstract

Web services business is projected to grow from $1.6 billion (2004) to $34 billion (2007). Web services are being integrated with web applications and consumed by other businesses over the Internet using HTTP/HTTPS protocols. This makes Web Applications even more vulnerable since they cannot be protected by Firewalls and become easy prey for attackers. Next generation web application attacks have arrived and are here to stay. These attacks are targeted towards vulnerable and poorly written web services.

The web service is the new security Lego Land. The main building blocks are UDDI, SOAP and WSDL. This presentation will briefly touch upon each of these aspects. It is important to understand this new set of attacks together with the security controls to be put in place to protect web services. This presentation will cover new methodologies of assessment and defense strategies. It is important to understand what kinds of tools are out there. At the same time it is important to learn to build your own tools since web services are highly customized and generic tools may not always serve the purpose. This presentation is just what you need to get you started on the right track…