Difference between revisions of "Projects/OWASP WS Amplification DoS Project/Roadmap"

Latest revision as of 15:08, 23 May 2013

PHASE 1:

A - Setting up a tool that can detect this vulnerability
- Finding a way to crawl the net looking for open webservices and test them with the above tool
B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
- .NET, Axis, Axis2, CXF,...

PHASE 2:

A - Analyse the results and determine the global threat magnitude
- Average amplification factor, number of vulnerable open webservices,...
B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
- In the frameworks, external tool?,...

PHASE 3:

Bundle all the results and possible countermeasures into a document/article to create awareness

@@ Line 1: / Line 1: @@
-PHASE 1:
+'''PHASE 1:'''
-*A - Setting up a tool that can detect this vulnerability
+*'''A''' - Setting up a tool that can detect this vulnerability
 **Finding a way to crawl the net looking for open webservices and test them with the above tool
-*B - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
+*'''B''' - Looking into the different WS implementations and finding out their default WS-Addressing behaviour
 ** .NET, Axis, Axis2, CXF,...
-PHASE 2:
+'''PHASE 2:'''
-*A - Analyse the results and determine the global threat magnitude
+*'''A''' - Analyse the results and determine the global threat magnitude
 ** Average amplification factor, number of vulnerable open webservices,...
-*B - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
+*'''B''' - Determine what adjustments and countermeasures must be taken in order to mitigate the threat
 **In the frameworks, external tool?,...
-PHASE 3:
+'''PHASE 3:'''
 *Bundle all the results and possible countermeasures into a document/article to create awareness