
Testing for Naughty SOAP Attachments (OWASP-WS-006)

Revision as of 02:46, 2 November 2006 by Mroxberr (talk | contribs)


Brief Summary

An attacker can craft an XML document that carries malware as attachments and send it to a web service. The web application testing plan should therefore include tests that confirm the Web Service host inspects SOAP attachments.
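One way a host could inspect SOAP attachments before processing them, shown as an added example that is not part of the original page. It assumes attachments arrive as a SOAP with Attachments (multipart/related) request; the allow-list, size limit, verdict strings and sample message are constructed for illustration.

```python
import base64
from email import message_from_bytes

# Assumed policy, not from the page: permitted attachment types with magic bytes.
ALLOWED = {"image/png": b"\x89PNG\r\n\x1a\n", "application/pdf": b"%PDF-"}
MAX_BYTES = 1_000_000  # assumed per-attachment size limit

def inspect_attachments(content_type, body):
    """Return [(Content-ID, verdict)] for every MIME part except the SOAP root."""
    msg = message_from_bytes(b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    parts = msg.get_payload() if msg.is_multipart() else []
    if not parts:
        return []  # plain SOAP request, nothing attached
    start = msg.get_param("start")  # Content-ID of the root (envelope) part
    root = next((p for p in parts if start and p.get("Content-ID") == start), parts[0])
    findings = []
    for part in parts:
        if part is root:
            continue
        data = part.get_payload(decode=True) or b""  # undoes base64 transfer encoding
        magic = ALLOWED.get(part.get_content_type())
        if magic is None:
            verdict = "reject: type not allowed"
        elif len(data) > MAX_BYTES:
            verdict = "reject: too large"
        elif not data.startswith(magic):
            verdict = "reject: content does not match declared type"
        else:
            verdict = "pass to malware scanner"
        findings.append((part.get("Content-ID"), verdict))
    return findings

# Constructed sample request: a SOAP envelope plus three attachments.
def _part(ctype, cid, payload):
    return (b"--b1\r\nContent-Type: " + ctype + b"\r\nContent-Transfer-Encoding: base64\r\n"
            b"Content-ID: <" + cid + b">\r\n\r\n" + base64.b64encode(payload) + b"\r\n")

SAMPLE_CT = 'multipart/related; type="text/xml"; start="<root@example.test>"; boundary="b1"'
SAMPLE_BODY = (
    b"--b1\r\nContent-Type: text/xml\r\nContent-ID: <root@example.test>\r\n\r\n"
    b"<Envelope><Body/></Envelope>\r\n"
    + _part(b"image/png", b"a1@example.test", b"\x89PNG\r\n\x1a\n" + bytes(8))
    + _part(b"image/png", b"a2@example.test", b"constructed bytes, not a PNG")
    + _part(b"application/octet-stream", b"a3@example.test", b"constructed binary")
    + b"--b1--\r\n")

if __name__ == "__main__":
    for cid, verdict in inspect_attachments(SAMPLE_CT, SAMPLE_BODY):
        print(cid, verdict)
```

The type and magic-byte checks only filter what reaches the scanner; an attachment that passes them still has to be scanned before the host processes it.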



Description of the Issue

2) general malware (Viruses and Trojans) that can be included as binary attachments that are processed on the host machine,



Black Box testing and example

Testing for Topic X vulnerabilities: ... Result Expected: ...



Gray Box testing and example

Testing for Topic X vulnerabilities: ... Result Expected: ...



References

Whitepapers ... Tools ...