These are all fairly obvious techniques, and I think there are much 
better (worse) approaches applicable to the modern world of Web 
services. For instance, if you know a service supports WS-Security (or 
even just has WS-Security implemented in its stack), a very effective 
denial-of-service attack is to generate streams of request messages with 
random garbage for signatures. The service will go through the (heavy) 
overhead of attempting to verify the signature, only to discard the 
message afterward.

- Dennis

Gervas Douglas wrote:
> <<Attacks on Web Services are often targeted at XML based content. 
> Here are some of the more significant XML based attacks:
>
> Recursive payload attack - the attacker takes advantage of the 
> nesting supported within XML. One of the strengths of XML is its 
> ability through nesting to efficiently address complex, hierarchical 
> relationships between data elements. With the recursive payload 
> attack, an XML document is created with very deep nesting of data 
> elements, thousands of elements deep or where the nesting is 
> recursive. Many of the older XML parsers would choke on this, 
> essentially leading to a denial of service.
>
> Jumbo Payload attack - Essentially exploiting a poorly written parser 
> that is unable to process an exceedingly large XML document leading 
> to a denial-of-service. This has become less of an issue as parsers 
> are now better able to handle larger payloads and have the correct 
> exception handling if the document is too big.
>
> XQuery Injection - An XML variant to the SQL injection technique. 
> XQuery is a language designed to permit querying and formatting XML data. 
> An attacker may inject XQuery as part of a SOAP message causing a 
> SOAP destination service to manipulate an XML document incorrectly.
>
> XML Morphing - Involves changing/manipulating XML docs into a form 
> that an XML processor cannot handle.
>
> WSDL Enumeration - Web Services Description Language is used to 
> describe the services and how to engage the methods for these 
> services. By enumerating and parsing through WSDL, someone could get 
> info about other methods that may have restricted access or deduce 
> how to compromise a service through a backdoor unpublished method.
>
> Schema Poisoning – Modifying the schema referenced by an XML document 
> in a manner that is inconsistent with the document - causing the 
> processor to choke on the document.
>
> These are just a sampling of XML based attacks that can be 
> perpetrated against your web service deployment. 
> Here are a couple of steps to take to protect against such threats.
>
> First, validate and version control XML Schemas. Second, encrypt XML 
> content. Third, inspect incoming and outgoing XML through use of an XML 
> based firewall or IPS equipped to handle such inspection. It's not 
> foolproof but it's a start toward better security for web services.>>
>
> You can find this at:
>
> <http://www.ebizq.net/blogs/security_insider/2006/06/threat_protection_for_web_serv_2.php>
>
> Gervas
>   
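
An added example, not part of either message above: one way a service can reject the recursive and jumbo payloads described in the quoted article before any document tree is built, using Python's expat bindings. The function name, the limit values and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Assumed limits for illustration; size them to the largest legitimate message.
MAX_BYTES = 1_000_000
MAX_DEPTH = 64
MAX_ELEMENTS = 50_000

# Constructed sample inputs: a small SOAP-like message and a deeply nested one.
SAMPLE_OK = b"<Envelope><Body><getQuote><symbol>XYZ</symbol></getQuote></Body></Envelope>"
SAMPLE_NESTED = b"<a>" * 5000 + b"</a>" * 5000


class XmlLimitExceeded(Exception):
    """Raised when a document breaks one of the structural limits."""


def check_xml_limits(data, max_bytes=MAX_BYTES, max_depth=MAX_DEPTH,
                     max_elements=MAX_ELEMENTS, chunk_size=4096):
    """Stream-parse `data` (bytes); return (deepest nesting, element count).

    Raises XmlLimitExceeded as soon as a limit is crossed, so an oversized or
    deeply nested document is rejected without being held as a tree in memory.
    """
    if len(data) > max_bytes:
        raise XmlLimitExceeded(f"payload is {len(data)} bytes, limit {max_bytes}")

    state = {"depth": 0, "deepest": 0, "elements": 0}

    def start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        state["deepest"] = max(state["deepest"], state["depth"])
        if state["depth"] > max_depth:
            raise XmlLimitExceeded(f"nesting deeper than {max_depth}")
        if state["elements"] > max_elements:
            raise XmlLimitExceeded(f"more than {max_elements} elements")

    def end(name):
        state["depth"] -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    # Feed in chunks: an exception raised in a handler aborts Parse() at once,
    # so the rest of a hostile document is never processed.
    for offset in range(0, len(data), chunk_size):
        parser.Parse(data[offset:offset + chunk_size], False)
    parser.Parse(b"", True)  # final call; raises ExpatError if not well-formed
    return state["deepest"], state["elements"]
```

Running this check ahead of schema validation or signature verification keeps the cheap structural test in front of the expensive processing.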



