
Web Services Cheat Sheet

From OWASP
Revision as of 01:28, 31 August 2011 by Koussa (talk | contribs)


ACTIVE WORK IN PROGRESS AUGUST 2011

Introduction

This article provides guidance on securing web services and preventing attacks that target them.

Transport Confidentiality

All communication between web services and their clients must be encrypted using

Transport Authentication

Transport Encoding

Message Authentication

Message Integrity

Message Confidentiality

Authorization

Depending on the functionality it exposes, a web service should check whether the calling client is authorized to invoke the method in question. This can be done using one of the following methods:

- Requiring clients to authenticate to the web service using a username and password
- Requiring clients to authenticate to the web service using client certificates
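As an added example (not part of the original cheat sheet), the following Python sketch shows a service that first authenticates the client, either from HTTP Basic credentials or from a client-certificate subject already verified by the TLS layer, and then checks a per-method access list before dispatching. The user store, certificate subjects, method names and access list are constructed for illustration.

```python
import base64
import hashlib
import hmac
# Constructed credential store: username -> PBKDF2 hash (one demo salt; use per-user salts).
_SALT = b"constructed-demo-salt"
def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)
USERS = {"alice": _hash("alice-pass"), "bob": _hash("bob-pass")}
# Constructed map of TLS-verified client-certificate subjects to principals.
CERT_SUBJECTS = {"CN=billing-batch,O=Example": "billing"}
# Per-method access-control list: method name -> principals allowed to call it.
METHOD_ACL = {
    "getAccountBalance": {"alice", "bob", "billing"},
    "transferFunds": {"alice"},
    "runNightlyBatch": {"billing"},
}

def basic_auth_header(user: str, password: str) -> dict:
    """Build the header a client sends for HTTP Basic authentication."""
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()}

def authenticate(headers: dict, cert_subject=None):
    """Return the authenticated principal, or None. A client certificate takes precedence."""
    if cert_subject is not None:
        return CERT_SUBJECTS.get(cert_subject)
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    # Hash every attempt so unknown users cost the same time as wrong passwords.
    if not hmac.compare_digest(USERS.get(user, b""), _hash(password)):
        return None
    return user

def authorize(principal, method: str) -> bool:
    """Default deny: unknown methods and unlisted principals are both refused."""
    return principal is not None and principal in METHOD_ACL.get(method, set())

def dispatch(method: str, headers: dict, cert_subject=None) -> str:
    """Authenticate, then check the per-method ACL before invoking anything."""
    principal = authenticate(headers, cert_subject)
    if principal is None:
        return "401 Unauthorized"
    if not authorize(principal, method):
        return "403 Forbidden"  # same answer for unknown and forbidden methods
    return f"200 OK: {method} invoked by {principal}"
```

The authorization decision is made per method and defaults to deny, so adding a new operation to the service grants nobody access until it is listed explicitly.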

Schema Validation

Content Validation

Output Encoding

Virus Protection

Message Size

Message Throughput

Identity, key, cert, provisioning

Endpoint Security Profile

Audit Logging

Software Engineering Assurance

XML Denial of Service Protection

Testing

OWASP Cheat Sheets Project Homepage