SOA and Web Services: New Technologies, New Standards - New Attacks

Abstract

Being regarded as the new paradigm for Internet communication, Web Services have introduced a large number of new standards and technologies. Though founding on decades of networking experience, Web Services are not more resistant to security attacks than other open network systems. Quite the opposite is true: Web Services are exposed to attacks well-known from common Internet protocols and additionally to new kinds of attacks targeting Web Services in particular. Along with their severe impact, most of these attacks can be performed with minimum effort from the attacker's side. In this paper we present a list of vulnerabilities in the context of Web Services. To proof the practical relevance of the threats, we performed exemplary attacks on widespread Web Service implementations. Further, general countermeasures for prevention and mitigation of such attacks are discussed.