Top 5 Web Service Security Flaws Identified
There is a new Top 5 threats list for web services. Surprisingly, many vulnerabilities come from open or standards-based technologies. The list of Web services-related threats was prepared by web services researcher Spire Security LLC and Forum Systems, a web service security provider. See how XML parsing and WSDL scanning can impact the security of your web service project.
Many of the threats will sound familiar to long-time web-based developers, but have a new web services wrinkle to take advantage of new loosely coupled technologies such as XML and WSDL, the report, entitled "Attacking and Defending Web Services," found.
"The flexibility of Web services that is driving its adoption is also creating its greatest exposure. Companies are publicly publishing their WSDL documents as a handbook to connect with each other. But these documents also provide a handbook to attacking your business," said Mamoon Yunus, CTO of Forum Systems. "As attackers learn about the characteristics of the Web services world, they will -- and already are -- attacking the individual components," said Pete Lindstrom, research director for Spire Security.
The Spire/Forum survey identified five (5) categories of Web Services security vulnerabilities:
For a more comprehensive list and analysis of threat profiles, "Attacking and Defending Web Services" is available as a PDF download.