Testing for Naughty SOAP Attachments (OWASP-WS-006)

From OWASP
Revision as of 21:46, 1 November 2006 by Mroxberr (Talk | contribs)

Brief Summary

An attacker can craft an XML document that carries malware as attachments and send it to a web service. The web application testing plan should include tests that confirm the Web Service host inspects SOAP attachments.
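One way a host could inspect attachments before processing them is sketched below as an added example, not code from the original page. It assumes a SOAP with Attachments message carried as multipart/related with the envelope as the first MIME part; the allowed-type policy, the size limit, the function names and the sample message are all constructed for illustration.

```python
import base64
from email import message_from_bytes
from email.policy import default

# Assumed policy for this sketch: allowed types with their file signatures.
ALLOWED = {"image/png": b"\x89PNG\r\n\x1a\n", "application/pdf": b"%PDF-"}
# Well-known signatures of executable content that should never be accepted.
EXECUTABLE = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"#!": "script"}
MAX_BYTES = 1_000_000  # assumed per-attachment size limit


def inspect_attachments(content_type: str, body: bytes) -> dict[str, list[str]]:
    """Map each attachment's Content-ID to the reasons it should be rejected."""
    head = f"Content-Type: {content_type}\r\nMIME-Version: 1.0\r\n\r\n".encode()
    msg = message_from_bytes(head + body, policy=default)
    results = {}
    # Assumption: the first MIME part is the SOAP envelope; the rest are attachments.
    for part in list(msg.iter_parts())[1:]:
        data = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        declared = part.get_content_type()
        reasons = []
        if len(data) > MAX_BYTES:
            reasons.append("too large")
        for magic, name in EXECUTABLE.items():
            if data.startswith(magic):
                reasons.append(f"executable content ({name})")
        if declared not in ALLOWED:
            reasons.append(f"type {declared} not allowed")
        elif not data.startswith(ALLOWED[declared]):
            reasons.append(f"content does not match declared {declared}")
        results[str(part.get("Content-ID", "<none>"))] = reasons
    return results


def build_sample() -> tuple[str, bytes]:
    """Constructed test message: one genuine PNG header, one mislabeled 'MZ' stub."""
    def part(ctype, cid, payload):
        b64 = base64.b64encode(payload).decode()
        return (f"--B\r\nContent-Type: {ctype}\r\nContent-Transfer-Encoding: base64\r\n"
                f"Content-ID: <{cid}>\r\n\r\n{b64}\r\n")
    envelope = ("--B\r\nContent-Type: text/xml\r\nContent-ID: <root>\r\n\r\n"
                "<Envelope><Body/></Envelope>\r\n")
    body = (envelope + part("image/png", "ok", b"\x89PNG\r\n\x1a\n" + b"\0" * 16)
            + part("image/png", "bad", b"MZ" + b"\0" * 16) + "--B--\r\n")
    return 'multipart/related; boundary="B"; type="text/xml"', body.encode()


if __name__ == "__main__":
    for cid, reasons in inspect_attachments(*build_sample()).items():
        print(cid, "REJECT: " + "; ".join(reasons) if reasons else "accept")
```

A signature check like this only catches mislabeled or plainly executable content; it complements a malware scan of the decoded attachment rather than replacing it.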



Description of the Issue

2) general malware (Viruses and Trojans) that can be included as binary attachments that are processed on the host machine,



Black Box testing and example

Testing for Topic X vulnerabilities: ... Result Expected: ...



Gray Box testing and example

Testing for Topic X vulnerabilities: ... Result Expected: ...


