SlideShare a Scribd company logo

Attacking XML Security

Y
Yusuf Motiwala

This document discusses XML security and attacks on web services. It begins with an agenda that covers introducing the speaker and why XML security matters. It then discusses challenges to the conventional wisdom that message-oriented security is better than SSL/TLS, arguing that SSL provides what is needed for most real-world web service deployments while WS-Security is more complex, error-prone, and expands attack surfaces. The document notes that web services are often used internally or for business-to-business interfaces, where accountability discourages malicious behavior more than anonymous internet threats. It concludes SSL is still better than WS-Security for authenticating users and excluding unauthorized attackers.

Technology
1 of 182
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security
Attacking XML Security

More Related Content

PDF
Soa And Web Services Security
ConSanFrancisco123
 
PPTX
Cybercrime Threats in 2012 - What You Need to Know
Kaseya
 
PDF
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Vince Garr
 
PDF
[OPD 2019] .NET Core Security
OWASP
 
PDF
Cloud Security by CK
Narinrit Prem-apiwathanokul
 
PDF
44CON 2013 - The Forger's Art: Exploiting XML Digital Signature Implementatio...
44CON
 
PDF
XMPP - Introduction And LAS Implementation (Presentation)
Ralf Klamma
 
PPT
XML
thotasrinath
 
Soa And Web Services Security
ConSanFrancisco123
 
Cybercrime Threats in 2012 - What You Need to Know
Kaseya
 
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Vince Garr
 
[OPD 2019] .NET Core Security
OWASP
 
Cloud Security by CK
Narinrit Prem-apiwathanokul
 
44CON 2013 - The Forger's Art: Exploiting XML Digital Signature Implementatio...
44CON
 
XMPP - Introduction And LAS Implementation (Presentation)
Ralf Klamma
 
XML
thotasrinath
 

Viewers also liked (20)

PDF
Introduction
Hüseyin Çakır
 
PPT
XPath - XML Path Language
yht4ever
 
PPTX
How to Launch a Web Security Service in an Hour
Cyren, Inc
 
PPTX
XPATH
Sun Technlogies
 
PPT
Web Service Security
n|u - The Open Security Community
 
PDF
Android UI
Sven Haiges
 
PPTX
Functional programming with python
Marcelo Cure
 
PPT
Securing Windows web servers
Information Technology
 
PPT
Intoduction to Network Security NS1
koolkampus
 
PPTX
Trends in spies
Trend Reportz
 
PPTX
CITY OF SPIES BY SORAYYA KHAN
Sheikh Hasnain
 
PPT
Lec 03 set
Naosher Md. Zakariyar
 
PDF
Android Application: Introduction
Jollen Chen
 
PPT
SAN Review
Information Technology
 
PPTX
Noah Z - Spies
Mrs. Haglin
 
PDF
Scalable Internet Servers and Load Balancing
Information Technology
 
PPTX
Serial Killers Presentation1
Taylor Leszczynski
 
PPTX
Intelligence, spies & espionage
dgnadt
 
PPT
SAN
Information Technology
 
PPTX
Carrick - Introduction to Physics & Electronics - Spring Review 2012
The Air Force Office of Scientific Research
 
Introduction
Hüseyin Çakır
 
XPath - XML Path Language
yht4ever
 
How to Launch a Web Security Service in an Hour
Cyren, Inc
 
XPATH
Sun Technlogies
 
Web Service Security
n|u - The Open Security Community
 
Android UI
Sven Haiges
 
Functional programming with python
Marcelo Cure
 
Securing Windows web servers
Information Technology
 
Intoduction to Network Security NS1
koolkampus
 
Trends in spies
Trend Reportz
 
CITY OF SPIES BY SORAYYA KHAN
Sheikh Hasnain
 
Lec 03 set
Naosher Md. Zakariyar
 
Android Application: Introduction
Jollen Chen
 
SAN Review
Information Technology
 
Noah Z - Spies
Mrs. Haglin
 
Scalable Internet Servers and Load Balancing
Information Technology
 
Serial Killers Presentation1
Taylor Leszczynski
 
Intelligence, spies & espionage
dgnadt
 
SAN
Information Technology
 
Carrick - Introduction to Physics & Electronics - Spring Review 2012
The Air Force Office of Scientific Research
 
Ad

Similar to Attacking XML Security (20)

PDF
20071015 Architecting Enterprise Security
David Chou
 
PPTX
SOA Security
Pauli Kauppila
 
PDF
Cyber defense for soa & rest oracle
igsc
 
PDF
Presentation cyber defense for soa & rest
xKinAnx
 
PDF
Layer 7 & Oracle: Cyber Defense for SOA & REST
CA API Management
 
PDF
07 a breaking_xml_signature_and_encryption_-_juraj_somorovsky
Sunny Sreekanth
 
PDF
07 a breaking_xml_signature_and_encryption_-_juraj_somorovsky
Sunny Sreekanth
 
PPTX
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Kelly Robertson
 
PPT
P hallam baker_keynote
shindeshekhar
 
PDF
ENGS4851_Final_Certified_Report
Nagendra Posani
 
PDF
Soa Security Testing
Jaipal Naidu
 
PPTX
On Technical Security Issues in Cloud Computing.pptx
GaluhPt
 
PPT
Web-services
webhostingguy
 
PDF
Web Services Security - Short Report
Muhammad Jawaid Shamshad
 
PDF
Whats new in was liberty security and cloud readiness
sflynn073
 
PDF
DEfcon15 XXE XXS
pentest pentest
 
PDF
The Thing That Should Not Be
morisson
 
PDF
O Dell Secure360 Presentation5 12 10b
Bruce O'Dell
 
PDF
Enterprise Web Services Security 1st Ed Rickland Hollar Richard Murphy
segevkoneyse
 
PDF
Review paper on web service security
Editor Jacotech
 
20071015 Architecting Enterprise Security
David Chou
 
SOA Security
Pauli Kauppila
 
Cyber defense for soa & rest oracle
igsc
 
Presentation cyber defense for soa & rest
xKinAnx
 
Layer 7 & Oracle: Cyber Defense for SOA & REST
CA API Management
 
07 a breaking_xml_signature_and_encryption_-_juraj_somorovsky
Sunny Sreekanth
 
07 a breaking_xml_signature_and_encryption_-_juraj_somorovsky
Sunny Sreekanth
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Kelly Robertson
 
P hallam baker_keynote
shindeshekhar
 
ENGS4851_Final_Certified_Report
Nagendra Posani
 
Soa Security Testing
Jaipal Naidu
 
On Technical Security Issues in Cloud Computing.pptx
GaluhPt
 
Web-services
webhostingguy
 
Web Services Security - Short Report
Muhammad Jawaid Shamshad
 
Whats new in was liberty security and cloud readiness
sflynn073
 
DEfcon15 XXE XXS
pentest pentest
 
The Thing That Should Not Be
morisson
 
O Dell Secure360 Presentation5 12 10b
Bruce O'Dell
 
Enterprise Web Services Security 1st Ed Rickland Hollar Richard Murphy
segevkoneyse
 
Review paper on web service security
Editor Jacotech
 
Ad

Recently uploaded (20)

PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Teaching material agriculture food technology
LiaRayya
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
A Presentation on Artificial Intelligence
memembruh336
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17