Welcome to WS-Attacks
WS-Attacks.org is not a new web service standard by the OASIS Group or W3C; instead it presents the flaws of today's web service standards and implementations in regard to web service security! WS-Attacks.org aims at delivering the most comprehensive enumeration of all known web service attacks.
Okay, how do I get started? If you are familiar with the basics, you can dive right into the Attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint, you can choose to have attacks listed by one of the four categories:
- Attack Categorisation by violated security objective
- Attack Categorisation by number of involved parties
- Attack Categorisation by attacked web service component
- Attack Categorisation by attack spreading
Alternatively you can browse through the entire list of attacks (sorted by violated security objective):
Attacks primarily violating the security objective "Availability"
- Oversized XML DOS aka Oversized XML attack
- Recursive Cryptography aka Oversized Cryptography aka Cryptography DOS aka XML Complexity Attack in Soap Header
- SOAP Parameter DOS aka Parameter Tampering
- XML Document Size Attack aka Oversize payload attack aka Jumbo payload Attack
- XML Encryption - Transformation DOS
- XML Signature - Key Retrieval DOS
- XML Signature - Transformation DOS
Attacks primarily violating the security objective "Integrity"
- Malicious Morphing aka Message Tampering aka Content Tampering aka Message Alteration aka Data Tampering aka Falsified Message
- Metadata Spoofing aka Schema Poisoning
- XML Signature Wrapping aka XML Rewriting
Attacks primarily violating the security objective “Confidentiality”
- Passive WS-MITM aka Message Sniffing aka Message Snooping
- Adaptive Chosen-Ciphertext Attacks
- Backwards Compatibility Attacks
Attacks primarily violating the security objective “Access Control”
Other attacks
- XML Signature - Key Retrieval XSA (Cross Site Attack)
- XML Signature - XSLT Code Execution
If you have any questions or comments feel free to contact us or just contribute by editing the wiki yourself!