Copyright 2010 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this...
Copyright 2010 © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
WS-Attacks.org Project

Andreas Falkenberg
Project leader WS-Attacks.org
Ruhr Uni Bochum, Bochum, [email protected]
(+49) (0)178-679511

It's all about web services

Web services in today's world
Array of technologies to implement:
- Web APIs
- B2B applications
- SOA scenarios
- Wrap legacy applications

Attacks on web services
Web services are vulnerable to:
- all classical web application attacks (SQLi, XSS, ...)
- web service specific attacks (Signature Wrapping, ...)

Problem: Where to go for WS-specific attacks?

WS-Attacks.org project

What does the WS-Attacks.org project offer?
First and most comprehensive enumeration of web service specific attack vectors (40+ attacks)
Each attack is described in detail including:
- Attack description
- Attack prerequisites
- Attack example
- Countermeasures

What does WS-Attacks.org NOT offer?
No description of SQLi, XSS and similar attacks
We already have OWASP for this ;-)

Bringing together what belongs together

WS-Attacks.org extends OWASP to the web service attack universe
Check us out at www.WS-Attacks.org
Write us at: [email protected]

What can we expect in the future?
- More web service specific attacks
- First automated web service attacking framework?? REIN?