Difference between revisions of "Projects/OWASP WS Amplification DoS Project/Roadmap"
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
− | PHASE 1: | + | '''PHASE 1:''' |
− | *A - Setting up a tool that can detect this vulnerability | + | *'''A''' - Setting up a tool that can detect this vulnerability |
**Finding a way to crawl the net looking for open webservices and test them with the above tool | **Finding a way to crawl the net looking for open webservices and test them with the above tool | ||
− | *B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour | + | *'''B''' - Looking into the different WS implementations and finding out their default WS-Addressing behaviour |
** .NET, Axis, Axis2, CXF,... | ** .NET, Axis, Axis2, CXF,... | ||
− | PHASE 2: | + | '''PHASE 2:''' |
− | *A - Analyse the results and determine the global threat magnitude | + | *'''A''' - Analyse the results and determine the global threat magnitude |
** Average amplification factor, number of vulnerable open webservices,... | ** Average amplification factor, number of vulnerable open webservices,... | ||
− | *B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat | + | *'''B''' - Determine what adjustments and countermeasures must be taken in order to mitigate the threat |
**In the frameworks, external tool?,... | **In the frameworks, external tool?,... | ||
− | PHASE 3: | + | '''PHASE 3:''' |
*Bundle all the results and possible countermeasures into a document/article to create awareness | *Bundle all the results and possible countermeasures into a document/article to create awareness |
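Review bot: the phase labels on the changed lines ('''PHASE 1:''', '''PHASE 2:''', '''PHASE 3:''') are marked up as bold text rather than as wiki section headings, so the roadmap gets no table-of-contents entries or per-phase anchors that other project pages could link to; consider == PHASE 1 == style headings instead. The unchanged sub-items also mix "**Finding" and "** .NET" spacing after the list marker, which could be normalised in the same edit.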
Latest revision as of 15:08, 23 May 2013
PHASE 1:
- A - Setting up a tool that can detect this vulnerability
  - Finding a way to crawl the net looking for open webservices and test them with the above tool
- B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
  - .NET, Axis, Axis2, CXF, ...
PHASE 2:
- A - Analyse the results and determine the global threat magnitude
  - Average amplification factor, number of vulnerable open webservices, ...
- B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
  - In the frameworks, external tool?, ...
PHASE 3:
- Bundle all the results and possible countermeasures into a document/article to create awareness