Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Routing Detour"
(initial page setup) |
m |
||
Line 11: | Line 11: | ||
=== Perimeter Solution === | === Perimeter Solution === | ||
− | Use SSL/TLS for connections between all trusted locations | + | * Use SSL/TLS for connections between all trusted locations for confidentiality and mutual authentication. |
+ | * Provide configuration-based whitelist for WS Routing destinations. | ||
=== Generic Framework Solution === | === Generic Framework Solution === |
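Review bot: In the rewritten TLS bullet, "mutual authentication" is only true when both ends present certificates; TLS as commonly deployed authenticates the server alone. Suggest wording it as "Use SSL/TLS with client certificates for connections between all trusted locations" so the bullet states the configuration that delivers what it promises. The new whitelist bullet would also read better as "Provide a configuration-based whitelist".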
Revision as of 06:41, 7 June 2013
Routing Detour
Root Cause Summary
This is a man-in-the-middle type of attack, in which (XML) content processors are injected into the message route so that sensitive information is sent to an attacker-controlled outside location. The attacker can modify the contents of the package and send it back to the original processor, which remains unaware of the modifications.
Browser / Standards Solution
Perimeter Solution
- Use SSL/TLS for connections between all trusted locations for confidentiality and mutual authentication.
- Provide a configuration-based whitelist for WS Routing destinations.
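
One way to implement the destination whitelist at a perimeter gateway, as an added example that is not part of the original page: it reads the forward route (`to` and `fwd`/`via`) from a WS-Routing `path` header and reports any hop that is not in the configured list. The host names, the `ALLOWED_HOPS` setting, the function names and the sample envelopes are constructed for illustration, and elements are matched by local name rather than by a fixed namespace URI.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Hypothetical configuration: (scheme, host) pairs a message may be routed to or through.
ALLOWED_HOPS = {("soap", "b.example.internal"), ("soap", "d.example.internal")}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]

def forward_hops(envelope_xml):
    """Return the <to> URI and each <fwd>/<via> URI from the WS-Routing <path> header."""
    hops = []
    root = ET.fromstring(envelope_xml)
    for header in (e for e in root if local(e.tag) == "Header"):
        for path in (e for e in header if local(e.tag) == "path"):
            for child in path:
                if local(child.tag) == "to":
                    hops.append((child.text or "").strip())
                elif local(child.tag) == "fwd":
                    hops += [(v.text or "").strip() for v in child if local(v.tag) == "via"]
    return hops

def rejected_hops(envelope_xml, allowed=ALLOWED_HOPS):
    """Return hops that are not allowlisted; an empty list means the route is acceptable."""
    bad = []
    for uri in forward_hops(envelope_xml):
        try:
            parts = urlsplit(uri)
            key = (parts.scheme.lower(), (parts.hostname or "").lower())
        except ValueError:
            key = None  # unparsable URI: fail closed
        if key not in allowed:
            bad.append(uri)
    return bad

# Constructed sample messages (not captured traffic).
ENVELOPE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Header><m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
  <m:to>soap://d.example.internal/orders</m:to>
  <m:fwd>{vias}</m:fwd>
 </m:path></S:Header><S:Body/></S:Envelope>"""
CLEAN = ENVELOPE.format(vias="<m:via>soap://b.example.internal</m:via>")
DETOURED = ENVELOPE.format(vias="<m:via>soap://b.example.internal</m:via>"
                                "<m:via>soap://collector.example.net</m:via>")

if __name__ == "__main__":
    print(rejected_hops(CLEAN), rejected_hops(DETOURED))
```

A gateway would drop or quarantine any message for which `rejected_hops` returns a non-empty list, and log the offending hop.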
Generic Framework Solution
Custom Framework Solution
Custom Code Solution
Discussion / Controversy
This is actually a type of attack and not a vulnerability