This document summarizes a presentation about assessing the security of Web 2.0 technologies like Ajax and web services. It discusses the Web 2.0 industry trends, technologies like Ajax, potential security impacts, and methodologies for fingerprinting, enumerating, crawling, and scanning Ajax applications and web services to identify vulnerabilities. It also provides an overview of attacking Ajax and defending applications.
Exploiting Cross-site scripting flaws can be a trivial challenge for anyone new to Web Application Security. This presentation aims to provide useful information on understanding different types of XSS, attack methodologies and common ways of exploiting them.
General Waf detection and bypassing techniques. Main focus to demonstrate that how to take right approach to analyse the behaviour of web application firewall and then create test cases to bypass the same.
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
This presentation covers the Cross site scripting attacks and defences in web applications, this talk was delivered as part of OWASP Hyderabad Chapter meet. Comments and suggestions are welcome.
Exploiting Cross-site scripting flaws can be a trivial challenge for anyone new to Web Application Security. This presentation aims to provide useful information on understanding different types of XSS, attack methodologies and common ways of exploiting them.
General Waf detection and bypassing techniques. Main focus to demonstrate that how to take right approach to analyse the behaviour of web application firewall and then create test cases to bypass the same.
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
This presentation covers the Cross site scripting attacks and defences in web applications, this talk was delivered as part of OWASP Hyderabad Chapter meet. Comments and suggestions are welcome.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is widely used technology specially for API's authentication. This PPT describes about security concerns with JWT..
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015CODE BLUE
Microsoft's web browsers, Internet Explorer and Edge, have a feature called 'XSS filter' built in which protects users from XSS attacks. In order to deny XSS attacks, XSS filter looks into the request for a string resembling an XSS attack, compares it with the page and finds the appearance of it, and rewrites parts of the string if it appears in the page. This rewriting process of the string - is this done safely? The answer is no. This time, I have found a way to exploit XSS filter not to protect a web page, but to create an XSS vulnerability on a web page that is completely sane and free of XSS vulnerability. In this talk, I will describe technical details about possibilities of XSS attacks exploiting XSS filter and propose what website administrators should do to face this XSS filter nightmare.
Lie to Me: Bypassing Modern Web Application FirewallsIvan Novikov
The report considers analysis of modern Web Application Firewalls. The author provides comparison of attack detection algorithms and discusses their advantages and disadvantages. The talk includes examples of bypassing protection mechanisms. The author points out the necessity of discovering a universal method of masquerading for vectors of various attacks via WAFs for different algorithms.
This talk shares the various techniques I found whilst building the XSS cheat sheet. It contains auto executing vectors, AngularJS CSP bypasses and dangling markup attacks.
Angular - Chapter 9 - Authentication and AuthorizationWebStackAcademy
Authentication is the process of validating a user on the credentials (username and password)
and provide access to the web application(ex: Email)
Authorization helps you to control access rights by granting or denying specific permissions
to an authenticated user (Ex: User / Manager / Admin).
This presentation is from Null/OWASP/G4H November Bangalore MeetUp 2014.
technology.inmobi.com/events/null-owasp-g4h-november-meetup
Talk Outline:-
A) Reflective-(Non-Persistent Cross-site Scripting)
- What is Reflective Cross-site scripting.
- Testing for Reflected Cross site scripting
How to Test
- Black Box testing
- Bypass XSS filters
- Gray Box testing
Tools
Defending Against Reflective Cross-site scripting.
Examples of Reflective Cross-Site Scripting Attacks.
B) Stored -(Persistent Cross-site Scripting)
What is Stored Cross-site scripting.
How to Test
- Black Box testing
- Gray Box testing
Tools
Defending Against Stored Cross-site scripting.
Examples of Stored Cross-Site Scripting Attacks.
This presentation illustrates a number of techniques to smuggle and reshape HTTP requests using features such as HTTP Pipelining that are not normally used by testers. The strange behaviour of web servers with different technologies will be reviewed using HTTP versions 1.1, 1.0, and 0.9 before HTTP v2 becomes too popular! Some of these techniques might come in handy when dealing with a dumb WAF or load balancer that blocks your attacks.
Presented @ BSides Manchester 2017 & SteelCon 2017
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is widely used technology specially for API's authentication. This PPT describes about security concerns with JWT..
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015CODE BLUE
Microsoft's web browsers, Internet Explorer and Edge, have a feature called 'XSS filter' built in which protects users from XSS attacks. In order to deny XSS attacks, XSS filter looks into the request for a string resembling an XSS attack, compares it with the page and finds the appearance of it, and rewrites parts of the string if it appears in the page. This rewriting process of the string - is this done safely? The answer is no. This time, I have found a way to exploit XSS filter not to protect a web page, but to create an XSS vulnerability on a web page that is completely sane and free of XSS vulnerability. In this talk, I will describe technical details about possibilities of XSS attacks exploiting XSS filter and propose what website administrators should do to face this XSS filter nightmare.
Lie to Me: Bypassing Modern Web Application FirewallsIvan Novikov
The report considers analysis of modern Web Application Firewalls. The author provides comparison of attack detection algorithms and discusses their advantages and disadvantages. The talk includes examples of bypassing protection mechanisms. The author points out the necessity of discovering a universal method of masquerading for vectors of various attacks via WAFs for different algorithms.
This talk shares the various techniques I found whilst building the XSS cheat sheet. It contains auto executing vectors, AngularJS CSP bypasses and dangling markup attacks.
Angular - Chapter 9 - Authentication and AuthorizationWebStackAcademy
Authentication is the process of validating a user on the credentials (username and password)
and provide access to the web application(ex: Email)
Authorization helps you to control access rights by granting or denying specific permissions
to an authenticated user (Ex: User / Manager / Admin).
This presentation is from Null/OWASP/G4H November Bangalore MeetUp 2014.
technology.inmobi.com/events/null-owasp-g4h-november-meetup
Talk Outline:-
A) Reflective-(Non-Persistent Cross-site Scripting)
- What is Reflective Cross-site scripting.
- Testing for Reflected Cross site scripting
How to Test
- Black Box testing
- Bypass XSS filters
- Gray Box testing
Tools
Defending Against Reflective Cross-site scripting.
Examples of Reflective Cross-Site Scripting Attacks.
B) Stored -(Persistent Cross-site Scripting)
What is Stored Cross-site scripting.
How to Test
- Black Box testing
- Gray Box testing
Tools
Defending Against Stored Cross-site scripting.
Examples of Stored Cross-Site Scripting Attacks.
This presentation illustrates a number of techniques to smuggle and reshape HTTP requests using features such as HTTP Pipelining that are not normally used by testers. The strange behaviour of web servers with different technologies will be reviewed using HTTP versions 1.1, 1.0, and 0.9 before HTTP v2 becomes too popular! Some of these techniques might come in handy when dealing with a dumb WAF or load balancer that blocks your attacks.
Presented @ BSides Manchester 2017 & SteelCon 2017
Overview of web services, SOAP, WSDL and UDDI.
A web service provides a defined set of functionality on a machine-processable interface.
The web service interface is described in a formal language like WSDL that allows creating code to access the service thus simplifying web service consumer (client) and provider (server) development.
In big web services, the interface is typically described in WSDL while the access to the service makes use of the SOAP message protocol.
SOAP has its roots in remote object access but is now a general message based and asynchronous transport mechanism.
SOAP is typically carried in HTTP (HyperText Transmission Protocol), but other message based protocols like SMTP (Email) or plain TCP could be used as well.
WSDL provides a formalized description of an interface that is coarsely separated in an abstract service interface definition containing operations and data types, a transport binding that describes how the web service is accessed and finally a description of the location (address) under which a web service is accessible.
UDDI (Universal Description and Discovery Protocol) was meant to become the standard protocol for some kind of a public yellow pages where publicly accessible web services would be listed. Lack of industry interest, however, prevented UDDI to gain widespread use.
Web services tutorial slides from my session at DPC 2012 in Amsterdam. In this 3-hour session we built the simplest possible service, and then extended it, looking at RPC, REST and SOAP along the way.
Testing web services is very important part of integration testing on web projects.
In this presentation you can learn the best approaches, tools and features of Web Services testing. Soon I'll share url with a video from my presentation.
Scale changes everything. What once was quite adequate for enterprise messaging can't scale to support "Internet of Things". We need new protocols, patterns and architectures to support this new world. This session will start with basic introduction to the concept of Internet of Things. Next it will discuss general technical challenges involved with the concept and explain why it is becoming mainstream now. Now we’re ready to start talking about solutions. We will introduce some messaging patterns (like telemetry and command/control) and protocols (such as MQTT and AMQP) used in these scenarios. Finally we will see how Apache ActiveMQ is gearing up for this race. We will show tips for horizontal and vertical scaling of the broker, related projects that can help with deployments and what the future development road map looks like.
Martyn Taylor is a senior software engineer at Red Hat, with over 7 years’ experience working on cloud, middleware and messaging software. Martyn currently works on the Apache ActiveMQ suite of projects.
Scale changes everything. Number of connections and destinations went from dozen to thousands, number of messages increased by order of magnitude. What once was quite adequate for enterprise messaging can't scale to support "Internet of Things". We need new protocols, patterns and architectures to support this new world. This session will start with basic introduction to the concept of Internet of things. Next it will discuss general technical challenges involved with the concept and explain why it is becoming mainstream now. Now we're ready to start talking about solutions. We will introduce some messaging patterns (like telemetry and command/control) and protocols (such as MQTT and AMQP) used in these scenarios. Finally we will see how Apache ActiveMQ is gearing up for this race. We will show tips for horizontal and vertical scaling of the broker, related projects that can help with deployments and what the future development road map looks like.
Emakina Academy 4 - AJAX, Flash & Rich Internet Applications: harnessing the ...Emakina
Tired of static and slow-loading websites ? With the new AJAX framework, you can build more flexible, dynamic interfaces that boldly go where no web-based application has gone before. In this Academy, our strategic cell will show how AJAX can improve the user's experience and, ultimately, the ROI of your Internet business.
This is a technical presentation describing two protocols namely MQTT and CoAP for IoT communications. This explains the protocols in conjunction with OSI layers.
It will describes SOAP/REST differences and SOAP web services in detail with practical approach. it shows usage of SOAP, XML, JAVA, WSDL, XSD and RPC with examples.
This talk highlights potential attacks against web application using Ajax and XHR technology. The first part of the talk introduces Ajax and related technologies. Second part of the talk focuses on potential attacks and consequences, including some scenario where SOP (Same of origin) policy is bypassed.
Myself and Asanka Fernandopulle conducted corporate level workshop on Application Security. This workshop covered areas such as application security treats, secure cording practices, application penetration testing and web application exploitations. Workshop mainly consisted with practical sessions and demonstrations. You can find all the presentations here.
Cross site scripting (XSS) is a type of computer security vulnerability typically found in web applications, but in proposing defensive measures for cross site scripting the websites validate the user input and determine if they are vulnerable to cross site scripting. The major considerations are input validation and output sanitization.
There are lots of defense techniques introduced nowadays and even though the coding methods used by developers are evolving to counter attack cross site scripting techniques, still the security threat persist in many web applications for the following reasons:
• The complexity of implementing the codes or methods.
• Non-existence of input data validation and output sanitization in all input fields of the application.
• Lack of knowledge in identifying hidden XSS issues etc.
This proposed project report will briefly discuss what cross site scripting is and highlight the security features and defense techniques that can help against this widely versatile attack.
Blackhat11 shreeraj reverse_engineering_browserShreeraj Shah
Hacking browser components by Reverse Engineering is emerging as the best way for discovering
potential vulnerabilities across web applications in an era of Rich Internet Applications (RIA). The RIA
space is flooded with technologies like HTML 5, Flex/Flash, Silverlight, extended DOM and numerous
third party libraries. Browsers are the target of hackers, worms and malware with specific scope, almost
on a daily basis. We have seen exploitation of these technologies on popular sites like Facebook, Twitter,
Yahoo, Google, to name a few. The traditional boundaries of web applications are disappearing.
Browsers today host a substantial part of web applications including data access, business logic,
encryption, etc. along with presentation layer. This shift is making browser components a potential
target for hackers. The danger of poorly written browser components being
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Shreeraj Shah
Browsers are escalating their feature set to accommodate new specifications like HTML 5, XHR Level 2 and DOM Level 3. It is forming the backbone of next generation applications running on mobile, PDA devices or desktops. The blend of DOM (Remote Execution stack) , XHR L2 (Sockets for injections) and HTML5 (Exploit delivery platform) is becoming an easy victim for attackers and worms. We have already witnessed these types of attacks on popular sites like Twitter, Facebook and Yahoo. It is of the essence to understand attack surface and vectors to protect next generation applications. We have an enormous expansion of attack surface after inclusion of features like audio/video tags, drag/drop APIs, CSS-Opacity, localstorage, web workers, DOM selectors, Mouse gesturing, native JSON, Cross Site access controls, offline browsing, etc. This extension of attack surface and exposure of server side APIs allow attacker to perform following lethal attacks and abuses.
XHR abuse with attacking Cross Site access controls using level 2 calls
JSON manipulations and poisoning
DOM API injections and script executions
Abusing HTML5 tag structure and attributes
Localstorage manipulation and foreign site access
Attacking client side sandbox architectures
DOM scrubbing and logical abuse
Browser hijacking and exploitation through advanced DOM features
One-way CSRF and abusing vulnerable sites
DOM event injections and controlling (Clickjacking)
Hacking widgets, mashups and social networking sites
Abusing client side Web 2.0 and RIA libraries
We will be covering the above attacks and their variants in detail along with some real life cases and demonstrations. It is also important to understand methods of discovering these types of vulnerabilities across the application base. We will see some new scanning tools and approaches to identify some of these key issues.
Advanced Web Services Hacking (AusCERT 06)Shreeraj Shah
Advanced Web Services Hacking - Attacks & Defense (AusCERT 2006).
Web services attacks are on the rise with evolution of web applications which are consuming back end web services over SOAP. UDDI, SOAP and WSDL are three important blocks of this new attack vectors. Several attacks are evolving around web services like UDDI enumeration, XPATH injection, XML poisoning, WSDL scanning, SOAP bruteforcing etc. At the same time new range of defense is evolving for web services with SOAP filtering. It is critical to know methodologies, attack vectors and defense strategies before deploying web services into the corporate environment. This paper will discuss advanced web services hacking methods and defense approaches.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
10. Web 2.0 Architecture HTML / JS / DOM RIA (Flash) Ajax Browser Internet Blog Web 2.0 Start Database Authentication Application Infrastructure Web Services End point Internet Mails News Documents Weather Bank/Trade RSS feeds
11. Ajax Flash / RIA HTML/CSS JavaScript Widget DOM SOAP XML-RPC HTTP/HTTPS JSON XML RSS/ATOM Text JS-Objects Custom SOA/WOA SaaS Web Services Ajax Traditional APIs REST Client Layer Protocol Layer Structure Layer Server Layer Web 2.0 Components
12. Technologies Web Server Static pages HTML,HTM etc.. Web Client Scripted Web Engine Dynamic pages ASP DHTML, PHP,CGI Etc.. DB X ASP.NET with .Net J2EE App Server Web Services Etc.. Application Servers And Integrated Framework Internet DMZ Trusted Internal/Corporate W E B S E R V I C E S Web Service Client SOAP, REST, XML-RPC
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43. Transport Stack HTTP, HTTPS Access Stack WSDL,SOAP Discovery Stack UDDI, DISCO Security Stack WS-Security Presentation Stack XML Web services stack
44. Web Services Client HTTP POST SOAP Envelope Web Server 80/443 Web Services Engine Web Services Binaries Web Services Deployment Shell Web Services Code & Components User Controlled Vendor Controlled In Transit End Client Security!
45. Assessment strategies Web Services Risk Model Web Services Defense Controls Blackbox Assessment Whitebox Assessment
69. Nodes of WSDL Data types Message Types Operations Access Binding Service
70. WSDL <Service> <service name="dvds4less"> <port name="dvds4lessSoap" binding="s0:dvds4lessSoap"> <soap:address location="http://192.168.11.2/ws/dvds4less.asmx"/> </port> </service> Where the call is going to hit? It is where service is listening.
87. SOAP response <?xml version="1.0" encoding="utf-16"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body> <soap:Fault> <faultcode>soap:Server</faultcode> <faultstring>Server was unable to process request. --> Cannot use empty object or column names . Use a single space if necessary.</faultstring> <detail /> </soap:Fault> </soap:Body> Demo Indicates SQL Server Place for SQL Injection Fault Code
102. SOAP request <?xml version="1.0" encoding="utf-16"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body> <getRebatesInfoResponse xmlns="http://tempuri.org/"> <getRebatesInfoResult ><% ' file: rebates.asp ' date: 20-AUG-03 ' desc: rebates listing ' author: nd ' client: dvds4less 'check if we have been called with a filename or without loc = request.querystring("loc") lenloc = len(loc) if lenloc > 0 then ' we have been called with a filename ' so print the rebate coupon%><img …………………… . </getRebatesInfoResult> </getRebatesInfoResponse> </soap:Body> </soap:Envelope> Parameter Temparing File Access to system
103.
104.
105.
106.
107.
108.
109.
110. IIS Web Server HTTP Stack .Net Web Services IIS Web Server wsRook (Filter) Web Services Client SOAP Envelope Reject Rules for SOAP Content filtering
111. .Net Web Services .asmx file IIS web server wsRook Web Services Client SOAP Input Envelope <soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <q1:getInput xmlns:q1="http://DefaultNamespace"> <id xsi:type="xsd:string">12123</id> </q1:getInput> </soap:Body> DB <id xsi:type="xsd:string">12123</id> id=12123 Bal=$2500 <ns1:getInputReturn xsi:type="xsd:string"> $2500 </ns1:getInputReturn> SOAP Output Envelope Content filtering
112.
113.
114.
115.
116. Thanks! Email - shreeraj@net-square.com Blog - http://shreeraj.blogspot.com