WS-Attacks.org is '''not''' a new web service standard by the OASIS Group or W3C;
instead it presents the flaws of today's web service standards and implementations in regard to web service security! WS-Attacks.org aims at delivering the most comprehensive enumeration of all known web service attacks.
Okay, how do I get started?
If you are familiar with the basics, you can dive right into the [[Web_Service_Attacks_By_Category|Attacks]]. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the four categories:
*[[:Category:Attack_Categorisation_By_Violated_Security_Objective|Attack Categorisation by violated security objective]]
*[[:Category:Attack_Categorisation_By_Number_Of_Involved_Parties|Attack Categorisation by number of involved parties]]
*[[:Category:Attack_Categorisation_By_Attacked_Web_Service_Component|Attack Categorisation by attacked web service component]]
*[[:Category:Attack_Categorisation_By_Attack_Spreading|Attack Categorisation by attack spreading]]
Alternatively you can browse through the entire list of attacks (sorted by violated security objective):
Attacks primarily violating the security objective "Availability"
*[[BPEL Instantiation Flooding]]
*[[BPEL Indirect Flooding]]
*[[BPEL State Deviation]]
**[[BPEL Correlation Invalidation]]
**[[BPEL State Invalidation]]
*[[Coercive Parsing]]
*[[Oversized XML DOS]] aka [[Oversized XML attack]]
**[[XML Extra Long Names]] aka [[XML MegaTags]] aka [[XML Jumbo Tag Names]]
**[[XML Namespace Prefix Attack]]
**[[XML Oversized Attribute Content]]
**[[XML Oversized Attribute Count]]
*[[Reference Redirect]]
**[[Signature Redirect]]
**[[Encryption Redirect]]
*[[Recursive Cryptography]] aka [[Oversized Cryptography]] aka [[Cryptography DOS]] aka [[XML Complexity Attack in Soap Header]]
**[[Chained Cryptographic Keys]] aka [[Public Key DOS]]
**[[Nested Encrypted Blocks]]
*[[Soap Array Attack]]
*[[SOAP Parameter DOS]] aka [[Parameter Tampering]]
*[[WS-Addressing spoofing]]
**[[WS-Addressing spoofing - Generic]]
**[[WS-Addressing spoofing - BPEL Rollback]]
**[[WS-Addressing spoofing - Middleware Hijacking]]
*[[XML Document Size Attack]] aka [[Oversize payload attack]] aka [[Jumbo payload Attack]]
**[[Oversized SOAP Header]]
**[[Oversized SOAP Body]]
**[[Oversized SOAP Envelope]]
*[[XML Encryption - Transformation DOS]]
**[[XML Encryption - XSLT DOS]]
**[[XML Encryption - Xpath DOS]]
*[[XML External Entity DOS]]
*[[XML Entity Expansion]]
**[[XML Generic Entity Expansion]]
**[[XML Recursive Entity Expansion]]
**[[XML Remote Entity Expansion]]
**[[XML C14N Entity Expansion]]
*[[XML Entity Reference Attack]]
*[[XML Flooding]]
**[[Distributed XML Flooding]]
**[[Single XML Flooding]]
*[[XML Signature - Key Retrieval DOS]]
*[[XML Signature – Transformation DOS]]
**[[XML Signature - C14N DOS]]
**[[XML Signature - XSLT DOS]]
**[[XML Signature - Xpath DOS]]
Attacks primarily violating the security objective "Integrity"
*[[Active WS-MITM]]
**[[Malicious Morphing]] aka [[Message Tampering]] aka [[Content Tampering]] aka [[Message Alternation]] aka [[Data Tampering]] aka [[Falsified Message]]
**[[Routing Detour]]
*[[Metadata Spoofing]] aka [[Schema Poisoning]]
**[[WSDL Spoofing]] aka [[WSDL Parameter Tampering]]
**[[WS Security Policy Spoofing]]
*[[XML Signature Wrapping]] aka [[XML Rewriting]]
**[[XML Signature Wrapping - Simple Context]]
**[[XML Signature Wrapping - Optional Element]]
**[[XML Signature Wrapping - Optional Element in Security Header]]
**[[XML Signature Wrapping - with Namespace Injection]]
*[[XML Signature Exclusion]]
Attacks primarily violating the security objective “Confidentiality”
*[[Passive WS-MITM]] aka [[Message Sniffing]] aka [[Message Snopping]]
*[[WSDL Disclosure]]
**[[WSDL Enumeration]] aka [[WSDL Scanning]]
**[[WSDL Google Hacking]]
Attacks primarily violating the security objective “Access Control”
*[[Replay Attack]]
*[[SOAPAction Spoofing]]
**[[SOAPAction Spoofing - MITM Attack]]
**[[SOAPAction Spoofing - Bypass Attack]]
Other attacks
*[[Attack Obfuscation]]
*[[XML Injection]]
*[[XML Signature - Key Retrieval XSA (Cross Site Attack)]]
*[[XML Signature – XSLT Code Execution]]
*[[Xpath Injection]]
If you have any questions or comments, feel free to contact us or just contribute by editing the wiki yourself!

