Security vulnerability categories and countermeasures of the Application Component level via HTTP connection which does not support transactions or guaranteed delivery.

However, not many service providers have implemented these standards.

SOAP (Simple Object Access Protocol), based on XML, is a lightweight protocol used to exchange service-related structured information. SOAP data is vulnerable to a variety of MITM (Man-In-The-Middle) attacks, such as interception, manipulation, and transmission, so WS-Security using XML Signature and XML Encryption is used to protect against such attacks. However, naive use of XML Signature is vulnerable to wrapping attacks that add extra elements onto SOAP messages.

Although XML Signature is designed to facilitate data integrity protection and origin authentication for a variety of document types, it may still lead to security problems unless web service developers are aware of some subtler properties of XML Signature. XML documents containing XML signatures are processed in two steps: signature validation and function invocation (i.e., business logic). An attacker can alter the message structure by injecting forged elements while the XML signature still validates. Unfortunately, application logic may follow different parts of the message than the parts that signature validation covers. The countermeasure is to forward only signed elements, which guarantees that signature validation and application logic access the same elements.
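The countermeasure of handing the application only the signed element can be sketched as follows. This is an added example, not code from the original page; it assumes a real XML Signature library has already verified the signature cryptographically, and the function name `signed_body`, the `wsu:Id` referencing scheme and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = "{%s}Id" % WSU


def signed_body(envelope_xml):
    """Return soap:Body only if it is the element the signature references.

    Assumption: a real XML Signature library has already verified the
    signature value and digests; this check only ties the verified
    reference to the element that business logic will read.
    """
    root = ET.fromstring(envelope_xml)
    bodies = root.findall("{%s}Body" % SOAP)  # what the application reads
    if len(bodies) != 1:
        raise ValueError("expected exactly one soap:Body under the Envelope")
    uris = [r.get("URI", "") for r in root.iter("{%s}Reference" % DS)]
    signed_ids = {u[1:] for u in uris if u.startswith("#")}
    for ref_id in signed_ids:  # each signed Id must be unambiguous
        if sum(1 for e in root.iter() if e.get(WSU_ID) == ref_id) != 1:
            raise ValueError("signed Id %r is missing or duplicated" % ref_id)
    if bodies[0].get(WSU_ID) not in signed_ids:
        raise ValueError("soap:Body is not the signed element")
    return bodies[0]


# Constructed sample messages (signature contents abbreviated to the Reference).
TEMPLATE = """<soap:Envelope xmlns:soap="%s" xmlns:ds="%s" xmlns:wsu="%s">
  <soap:Header>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature>
    {header_extra}
  </soap:Header>
  <soap:Body {body_attr}><Transfer amount="{amount}"/></soap:Body>
</soap:Envelope>""" % (SOAP, DS, WSU)

GENUINE = TEMPLATE.format(header_extra="", body_attr='wsu:Id="body-1"', amount="10")
# Signed Body relocated under a header wrapper; an unsigned Body takes its place.
RELOCATED = TEMPLATE.format(
    header_extra='<Wrapper><soap:Body wsu:Id="body-1"><Transfer amount="10"/></soap:Body></Wrapper>',
    body_attr="", amount="9999")
# Same message, but the unsigned Body also claims the signed Id.
DUPLICATE_ID = RELOCATED.replace("<soap:Body >", '<soap:Body wsu:Id="body-1">')
```

Business logic should read only from the element that `signed_body` returns and never re-query the document by element name or position.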