Difference between revisions of "Projects/OWASP WS Amplification DoS Project/Roadmap"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
*PHASE 1:
+
PHASE 1:
**A - Setting up a tool that can detect this vulnerability
+
*A - Setting up a tool that can detect this vulnerability
***Finding a way to crawl the net looking for open webservices and test them with the above tool
+
**Finding a way to crawl the net looking for open webservices and test them with the above tool
**B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
+
*B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
*** .NET, Axis, Axis2, CXF,...
+
** .NET, Axis, Axis2, CXF,...
  
*PHASE 2:
 
**A - Analyse the results and determine the global threat magnitude
 
*** Average amplification factor, number of vulnerable open webservices,...
 
**B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
 
***In the frameworks, external tool?,...
 
  
*PHASE 3:
+
PHASE 2:
**Bundle all the results and possible countermeasures into a document/article to create awareness
+
*A - Analyse the results and determine the global threat magnitude
 +
** Average amplification factor, number of vulnerable open webservices,...
 +
*B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
 +
**In the frameworks, external tool?,...
 +
 
 +
 
 +
PHASE 3:
 +
*Bundle all the results and possible countermeasures into a document/article to create awareness

Revision as of 09:07, 23 May 2013

PHASE 1:

  • A - Setting up a tool that can detect this vulnerability
    • Finding a way to crawl the net looking for open webservices and test them with the above tool
  • B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
    • .NET, Axis, Axis2, CXF,...


PHASE 2:

  • A - Analyse the results and determine the global threat magnitude
    • Average amplification factor, number of vulnerable open webservices,...
  • B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
    • In the frameworks, external tool?,...


PHASE 3:

  • Bundle all the results and possible countermeasures into a document/article to create awareness