Welcome to WS-Attacks

WS-Attacks.org is not a new web service standard by the OASIS Group or W3C; instead it presents the flaws of today's web service standards and implementations in regard to web service security! WS-Attacks.org aims at delivering the most comprehensive enumeration of all known web service attacks.

Okay, how do I get started? If you are familiar with the basics you can dive right into the Attacks. All attacks are categorised and structured in a stringent fashion. Depending on your viewpoint a you can choose to have attacks listed by one of the four categories:

• Attack Categorisation by violated security objective
• Attack Categorisation by number of involved parties
• Attack Categorisation by attacked web service component
• Attack Categorisation by attack spreading

Alternatively you can browse through the entire list of attacks (sorted by violated security objective):

Attacks primarily violating the security objective "Availability"

BPEL Instantiation Flooding

BPEL Indirect Flooding

BPEL State Deviation

• BPEL Correlation Invalidation

• BPEL State Invalidation

Coercive Parsing

Oversized XML DOS aka Oversized XML attack

• XML Extra Long Names aka XML MegaTags aka XML Jumbo Tag Names

• XML Namespace Prefix Attack

• XML Oversized Attribute Content

• XML Oversized Attribute Count

Reference Redirect

• Signature Redirect

• Encryption Redirect

Recursive Cryptography aka Oversized Cryptography aka Cryptography DOS aka XML Complexity Attack in Soap Header

• Chained Cryptographic Keys aka Public Key DOS

• Nested Encrypted Blocks

Soap Array Attack

SOAP Parameter DOS aka Parameter Tampering

WS-Addressing spoofing

• WS-Addressing spoofing - Generic

• WS-Addressing spoofing - BPEL Rollback

• WS-Addressing spoofing - Middleware Hijacking

XML Document Size Attack aka Oversize payload attack aka Jumbo payload Attack

• Oversized SOAP Header

• Oversized SOAP Body

• Oversized SOAP Envelope

XML Encryption - Transformation DOS

• XML Encryption - XSLT DOS

• XML Encryption - Xpath DOS

XML External Entity DOS

XML Entity Expansion

• XML Generic Entity Expansion

• XML Recursive Entity Expansion

• XML Remote Entity Expansion

• XML C14N Entity Expansion

XML Entity Reference Attack

XML Flooding

• Distributed XML Flooding

• Single XML Flooding

XML Signature - Key Retrieval DOS

XML Signature – Transformation DOS

• XML Signature - C14N DOS

• XML Signature - XSLT DOS

• XML Signature - Xpath DOS

Attacks primarily violating the security objective "Integrity"

Active WS-MITM

• Malicious Morphing aka Message Tampering aka Content Tampering aka Message Alternation aka Data Tampering aka Falsified Message

• Routing Detour

Metadata Spoofing aka Schema Poisoning

• WSDL Spoofing aka WSDL Parameter Tampering

• WS Security Policy Spoofing

XML Signature Wrapping aka XML Rewriting

• XML Signature Wrapping - Simple Context

• XML Signature Wrapping - Optional Element

• XML Signature Wrapping - Optional Element in Security Header

• XML Signature Wrapping - with Namespace Injection

XML Signature Exclusion

Attacks primarily violating the security objective “Confidentiality”

Passive WS-MITM aka Message Sniffing aka Message Snopping

WSDL Disclosure

• WSDL Enumeration aka WSDL Scanning

• WSDL Google Hacking

Adaptive Chosen-Ciphertext Attacks

• Adaptive Chosen-Ciphertext Attack on RSA PKCS1 v1.5

• Adaptive Chosen-Ciphertext Attack on Cipher Block Chaining Mode of Operation

Backwards Compatibility Attacks

Attacks primarily violating the security objective “Access Control”

Replay Attack

SOAPAction Spoofing

• SOAPAction Spoofing - MITM Attack

• SOAPAction Spoofing - Bypass Attack

Other attacks

Attack Obfuscation

XML Injection

XML Signature - Key Retrieval XSA (Cross Site Attack)

XML Signature – XSLT Code Execution

Xpath Injection

If you have any questions or comments feel free to contact us or just contribute by editing the wiki yourself!