« What's Happening with JMX Technology (TS-7171) | Main | Project Looking Glass - Cool LG3D Apps and How to Write Them (TS-7992) »

Web Services Security Attacks in Action (TS-5398)

Presented by Rich Salz from DataPower Technology.

Goal:
Understand some types of syntactic and semantic attacks for Web Services applications.

Definitions:
Syntactic attack: a "generic XML" attack
Semantic attack: leveraging the structure and rpocessing rules of SOAP, WS-xxx, or the payload
XDoS: because of XML (insanely large XML payloads, I assume).

Simple Syntactic Attacks:
Could be composed of random bits, not XML.

Simple Overflows:

  • Huge XML (size, depth, width)
  • Huge element name
  • Huge attribute name
  • Big number of namespaces
  • Huge number of attributes
  • Huge tgext

    DTD Syntax Attacks:

  • XXE: XML External Entity
  • Or, a really big DTD.
  • Million laughts: 2**26 entity expansion:

    Simple Semantic Attacks:

  • Really big schema
  • Really bif stylesheet (don't run untrusted code)
  • XSLT in general

    Semantic Attack: Discovery:
    Expose only what's neccessary. Service discovery is not a great idea, since WSDL could expose vulnerable functionality.

    Semantic Attack: Distributed ID Monte:
    Policy says that message body must be signed. Signature reference uses "URI-#body" to point to the body. Attacker moves the body into a SOAP header. So, the Body is signed, but a false Body is installed in the Header. Don't quite understand the details of this attack since it was poorly explained.

    • Posted by Scott on June 29, 2005 11:38 AM |