Web Services is quickly earning its keep amidst its hype of providing extra
functionality to computing environments. As with any new technology, this
success comes with a level of increased risk. These risks are incurred
explicitly when an organization deploys its own Web Services, and implicitly for
any organization connected to the Internet and employing applications that have
XML-awareness built in (every major enterprise software solution already has
this capability).
This white paper describes the threat profile of a Web Services environment.
It discusses the various techniques that may be used in an attack against the
individual components using XML and soap documents.
The paper introduces the Top Ten Web Services Threats, a set of conceptual
attacks that provide the most likely approach to compromising the Web Services
environment. It then discusses ways to defend against these threat classes to
protect a Web Services deployment.
Finally, this paper discusses how Forum Systems' XWall firewall can be used
to effectively protect against these attacks.
