XML Web Services Vulnerability Assessment
Similar to Flash, Microsoft Silverlight is a "thick client" application interface used to enhance users' experience. Underlying web services calls made by Silverlight are vulnerable and it is important to map those in terms of vulnerabilities and create fixes.
In web applications, the security can be assured by the use of different penetration testing tools. Nevertheless, compared to prominent attacks such as SQL-Injection or Cross-site scripting (XSS), there is currently no penetration testing tools that are capable of analyzing the security of XML interfaces.
The threat of XML-based attacks has significantly increased. Besides web services, Single Sign-On systems are also attackable as latest researches have revealed this the necessity of an automatic penetration testing tool.
By implementing common web applications, our developers evaluate the security of their systems by applying different penetration testing tools. However, in comparison to the well known attacks as SQL injection or Cross Site Scripting, there exists no penetration testing tools for Web Services specific attacks. Lots of XML-specific attacks exist and are known for a long time. Below table gives us an overview on currently published attacks.
XML Signature Wrapping | Attack on XML Encryption | Oversize Payload |
Coercive parsing | SOAP Action Spoofing | XML Injection |
WSDL Scanning | Metadata Spoofing | Attack Obfuscation |
Oversized Cryptography | BPEL State Deviation | Instantiation Flooding |
Indirect Flooding | WS-Addressing spoofing | Middleware Hijacking |
What Our Customers Say?
Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.