OWASP 2 Its all about web services Web services in todays world Array of technologies to implement: Web APIs B2B applications SOA szenarios Wrap legacy applications Attacks on web services Web services are vulnerable to: all classical web application attacks (SQLi, XSS,..) web service specific attacks (Signature Wrapping,..) Problem: Where to go to for WS specific attacks?
OWASP 3 WS-Attacks.org project What does the WS-Attacks.org project offer? First and most comprehensive enumeration of web service specific attack vectors (40+ attacks) Each attack is descriped in detail including: Attack description Attack prerequisities Attack example Countermeasures What does WS-Attacks.org NOT offer? No Description of SQLi, XSS and similar attacks We already have OWASP for this ;-)
OWASP 4 Bringing together what belongs together WS-Attacks.org extends OWASP to the web service attack universe Check us out at www.WS-Attacks.orgwww.WS-Attacks.org Write us at: firstname.lastname@example.org@ws-attacks.org What can we expect in the future? More web service specific attacks First automated web service attacking framework?? REIN?