Thursday, June 26, 2008

Techniques in Attacking and Defending SOA Web Services

A good resource for those interested in the benefits of deploying a SOA Gateway. This is a hands-on demonstration of attack vectors for SOA and Web Services and of the implementation of defense strategies using a SOA Gateway. Techniques include live examples of:

  • SOAP-based SQL Injection Attack
  • Denial of Service Web Service Attack
  • XSD Mutation
  • Identity Discovery

Attack vectors are demonstrated using the Crosscheck Networks SOAPSonar testing and diagnostics product, and each attack is explained and mapped to the published CAPEC (Common Attack Pattern Enumeration and Classification) system.

The Forum Systems Sentry SOA Gateway is shown as the central defense mechanism for back-end services with live data transaction examples and defensive actions.

View the demonstration here.