Federico Cargnelutti

Simple is better than complex. Complex is better than complicated. | @fedecarg

Detect Replay Attacks in your Web Services

leave a comment »

Many threats that are common to distributed systems are common to Web services as well. There are a few specific threats associated with the Web services processing model, such as:

  • Message replays: An attacker may re-play an entire message or a part of a SOAP message.
  • Man in the middle attack: An attacker may view and modify a SOAP message without the knowledge of either sender or the receiver.
  • Identity spoofing: An attempt to construct credentials that seems to be valid but not.
  • Denial of Service (DOS) attacks: An attempt to make a system expend its resources so that valid requests cannot access a service.
  • Message alteration: An attempt to alter a message compromising its integrity.
  • Confidentiality issues: Access to confidential information within a message by unauthorized parties.

Dimuthu wrote an interesting post about how to prevent replay attacks using WSF/PHP. He also shows how to detect them using WS-Addressing and WS-Username token headers.

Advertisement

Written by Federico

November 18, 2008 at 9:59 pm

Posted in PHP, Programming, Web Services

«
»

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

Please log in to WordPress.com to post a comment to your blog.

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 43 other followers