WS Security Track - XML Content Attacks | SYS-CON NEWS DESK

The World's Leading Online i-Technology University	Register \| Log in

.NET · AJAX · ECLIPSE · FLEX · OPEN WEB · iPHONE · JAVA · LINUX · OPEN SOURCE · ORACLE · PBDJ · SEARCH · SILVERLIGHT · SOA · VIDEO · VIRTUALIZATION · WEB 2.0 · WIRELESS · XML

WS Security Track - XML Content Attacks

Web Services Attacks Such As WSDL Scanning And Parameter Tampering (SQL Injection, SOAP Array Attack) And How To Prevent Them?

By: Girish Juneja

Dec. 15, 2004 12:00 AM

This session defines a new class of threats, XML Content Attacks, and differentiates these threats from more general Web services attacks and XML security-based attacks. These three related but distinct threat areas are explained. The session covers XML Content Attacks with regard to tree-based parsing exploits related to coercive parsing, node-depth attacks, and DOM. XML grammar validation exploits such as schema poisoning and lax-content models are discussed, and why traditional schema validation cannot ensure content-model consistency. Web services attacks like WSDL scanning and parameter tampering (SQL Injection, SOAP array attack) are discussed - highlighting common mistakes made when applying message-level security (WS-Security).

Published Dec. 15, 2004— Reads 1,002
Copyright © 2004 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

About Girish Juneja
Girish Juneja is director of SOA products at Intel. A co-founder of Sarvega, Inc., an SOA infrastructure company, he led the engineering and customer services organizations to develop Sarvega's industry leading core XML technology and XML networking products. Girish has held senior technology and management roles at Thomson Financial Services, Verizon, and MCI Telecommunications, with more than 15 years of experience in the technology industry in engineering, technology strategy, and management roles.

Reader Feedback: Page 1 of 1

ADVERTISE | MAGAZINE SUBSCRIPTIONS | FREE BREAKING-NEWSLETTERS! | SYS-CON.TV | BLOG-N-PLAY! | WEBCAST | EDUCATION | RESEARCH

.NET Developer's Journal - .NETDJ   |   ColdFusion Developer's Journal - CFDJ   |   Eclipse Developer's Journal - EDJ   |   Enterprise Open Source Magazine - EOS
Open Web Developer's Journal - OPEN WEB   |   iPhone Developer's Journal - iPHONE   |   Virtualization - Virtualization   |   Java Developer's Journal - JDJ   |   Linux.SYS-CON.com
PowerBuilder Developer's Journal - PBDJ   |   SEO / SEM Journal - SJ   |   SOAWorld Magazine - SOAWM   |   IT Solutions Guide - ITSG   |   Symbian Developer's Journal - SDJ
WebLogic Developer's Journal - WLDJ   |   WebSphere Journal - WJ   |   Wireless Business & Technology - WBT   |   XML-Journal - XMLJ   |   Internet Video - iTV
Flex Developer's Journal - Flex   |   AJAXWorld Magazine - AWM   |   Silverlight Developer's Journal - SLDJ   |   PHP.SYS-CON.com   |   Web 2.0 Journal - WEB2

SYS-CON MEDIA: ABOUT US | CONTACT US | COMPANY NEWS | CAREERS | SITE MAP

SYS-CON EVENTS: | AJAXWorld Conference & Expo | iPhone Developer Summit | OpenWeb Developer Summit | SOA World Conference & Expo | Virtualization Conference & Expo

INTERNATIONAL SITES: India | U.K. | Canada | Germany | France | Australia | Italy | Spain | Netherlands | Brazil | Belgium

Terms of Use & Our Privacy Statement

About Newsfeeds / Video Feeds

Copyright ©1994-2008 SYS-CON Publications, Inc. All Rights Reserved. All marks are trademarks of SYS-CON Media.

Reproduction in whole or in part in any form or medium without express written permission of SYS-CON Publications, Inc. is prohibited.

close this window