WS-Attacks.org is not a new web service standard by the OASIS Group or W3C; instead it presents the flaws of today's web service standards and implementations in regard to web service security! WS-Attacks.org aims at delivering the most comprehensive enumeration of all known web service attacks.
Okay, how do I get started? If you are familiar with the basics you can dive right into the Attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint a you can choose to have attacks listed by one of the four categories:
- Attack Categorisation by violated security objective
- Attack Categorisation by number of involved parties
- Attack Categorisation by attacked web service component
- Attack Categorisation by attack spreading
Alternatively you can browse through the entire list of attacks (sorted by violated security objective):
Attacks primarily violating the security objective "Availability"
Attacks primarily violating the security objective "Integrity"
- Malicious Morphing aka Message Tampering aka Content Tampering aka Message Alternation aka Data Tampering aka Falsified Message
Attacks primarily violating the security objective “Confidentiality”
Attacks primarily violating the security objective “Access Control”
If you have any questions or comments feel free to contact us or just contribute by editing the wiki yourself!