Copyright 2010 © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation
OWASP

WS-Attacks.org Project

Andreas Falkenberg
Project leader WS-Attacks.org
Ruhr Uni Bochum, Bochum, Germany
[email protected]
(+49) (0)178-679511

WS-Attacks.org Project


It's all about web services

Web services in today's world
Array of technologies to implement:
- Web APIs
- B2B applications
- SOA scenarios
- Wrap legacy applications

Attacks on web services
Web services are vulnerable to:
- all classical web application attacks (SQLi, XSS, ...)
- web service specific attacks (Signature Wrapping, ...)

Problem: Where to go for WS specific attacks?


WS-Attacks.org project

What does the WS-Attacks.org project offer?
First and most comprehensive enumeration of web service specific attack vectors (40+ attacks)
Each attack is described in detail, including:
- Attack description
- Attack prerequisites
- Attack example
- Countermeasures

What does WS-Attacks.org NOT offer?
No description of SQLi, XSS and similar attacks
We already have OWASP for this ;-)


Bringing together what belongs together

WS-Attacks.org extends OWASP to the web service attack universe
Check us out at www.WS-Attacks.org
Write us at: [email protected]

What can we expect in the future?
More web service specific attacks
First automated web service attacking framework?? REIN?