Difference between revisions of "Projects/OWASP WS Amplification DoS Project/Roadmap"

From OWASP
Line 1: Line 1:
PHASE 1:
+
*PHASE 1:
 +
**A - Setting up a tool that can detect this vulnerability
 +
***Finding a way to crawl the net looking for open webservices and test them with the above tool
 +
**B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
 +
*** .NET, Axis, Axis2, CXF,...
  
A - Setting up a tool that can detect this vulnerability
+
*PHASE 2:
 +
**A - Analyse the results and determine the global threat magnitude
 +
*** Average amplification factor, number of vulnerable open webservices,...
 +
**B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
 +
***In the frameworks, external tool?,...
  
        * Finding a way to crawl the net looking for open webservices and test them with the above tool
+
*PHASE 3:
 
+
**Bundle all the results and possible countermeasures into a document/article to create awareness
B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
+
 
+
* .NET, Axis, Axis2, CXF,...
+
 
+
PHASE 2:
+
 
+
A - Analyse the results and determine the global threat magnitude
+
 
+
* Average amplification factor, number of vulnerable open webservices,...
+
 
+
B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
+
 
+
* In the frameworks, external tool?,...
+
 
+
PHASE 3:
+
 
+
- Bundle all the results and possible countermeasures into a document/article to create awareness
+
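Review bot: In the new PHASE 1 list, item A says "detect this vulnerability" and its sub-item says "the above tool", but nothing in the roadmap text names the vulnerability or the tool, so the page does not stand on its own once it is split from the project page. Suggest naming the issue in item A, consistent with the WS-Addressing wording already used in item B, and replacing "the above tool" with "the tool from A". Also, the PHASE 3 entry is added as a bare "**" item with no "A -" label, unlike PHASE 1 and PHASE 2, and the PHASE 2 B sub-item "In the frameworks, external tool?,..." still reads as an open question rather than a roadmap step.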

Revision as of 10:06, 23 May 2013

  • PHASE 1:
    • A - Setting up a tool that can detect this vulnerability
      • Finding a way to crawl the net looking for open webservices and test them with the above tool
    • B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
      • .NET, Axis, Axis2, CXF,...
  • PHASE 2:
    • A - Analyse the results and determine the global threat magnitude
      • Average amplification factor, number of vulnerable open webservices,...
    • B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
      • In the frameworks, external tool?,...
  • PHASE 3:
    • Bundle all the results and possible countermeasures into a document/article to create awareness