10-07-2012, 03:31 PM
ATTACKING AND DEFENDING WEB SERVICES
Attacking_and_Defending_WS.pdf (Size: 839.1 KB / Downloads: 44)
Introduction
The key to securing any application architecture is understanding its threat profile and how that affects risk. Risk is evaluated based on an assessed level of platform weaknesses, or vulnerabilities, along with the likelihood of attack, or threat to the environment. Any time new technology is introduced in a computing environment, this risk profile changes. Web Services is no different.
The characteristics of Web Services that comprise the value proposition also create a new set of exposures in the enterprise. New integration points, componentized architectures, and increased dynamic functionality contribute to new types of threats that directly impact the risk.
As is common with new technology, much work has been done with Web Services to design trust mechanisms through standards like SAML, WS-Security, XML-Encrypt, and XML-Sign, yet there has been relatively little work in defining the nature and types of threats in this environment. This paper will address the real and predictable threats that exist in the web services world.
Web Services Threat Profile
Threats have evolved with distributed architectures from monolithic mainframes to two- and three-tier client/server and on to n-tier Web environments. Web services introduce the concept of an n-peer architecture where components participate in a collective manner. Three basic characteristics of Web Services create both its functional power and its risk:
► Standards provide common methods and processes but also create an opportunity for an attacker to broaden his number of targets. As standards move ‘up the stack’, this reach increases drastically and the impact is felt more widely.
► Loosely-coupled components create a flexible, ‘plug-and-play’ architecture with replaceable pieces that foster scalability. The communications among these components introduce new risks.
► Federation of sources for data can eliminate redundancy and add to the flexibility and scalability value proposition. But this federation also assumes much about the quality of the data and the inherent trust built into the environment.
XML/SOAP Manipulation
XML is the grammar and SOAP is the standard interface language of Web Services. New implementations, especially when pervasive across applications and entities, are prime targets for attackers.
XML documents are intelligent pieces of information. They may contain various types of data for input into a system. Some of the functional uses are described below:
► SOAP Headers provide a pre-defined structure within an XML message for context-sensitive information, including security tokens (e.g. SAML) as well as other volatile information intended for intermediary or end-point processing.
► Protocol requests/responses provide the underlying communication mechanisms that programs understand.
Untrusted Configuration Data
In a manner similar to entities, configuration data such as XML Schemas and Web Services Description Language (WSDL) files ‘live’ outside the application yet provide key information to the entities involved.
Operating as a dynamic component, the configuration information that supplies details to a web services consumer has a unique standing in the architecture. These are the sources that determine the specific operations of a service and, as such, are highly sensitive to any form of manipulation or access. Typical web services configuration data includes:
XML Processors
XML processors may be standalone utilities or integrated into any of the components described above. Basically, they provide the intelligence to interpret XML documents as inputs to an application. More specifically, these processors perform the following functions:
► Parse the XML document into its component parts. SAX and DOM are the most popular parsing approaches. DOM is a tree-based parsing technique that builds up an entire parse tree in memory. Rather than building a tree representation of an entire document, a SAX parser fires off a series of events as it reads through the document. Streaming API for XML introduces a streaming model to parsing that resembles the SAX approach. Finally, deferred DOM parsing does not create the full tree structure of objects in memory.
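To make the SAX-versus-DOM distinction concrete for the SOAP messages described above, here is an added example (not code from the paper): an event-driven SAX parse that pulls the header token and the body operation out of an envelope without materializing a tree, and aborts as soon as nesting depth exceeds a bound, which a tree-building DOM parser can only do after it has already consumed the whole document. The `Token` header element, the `urn:example:*` namespaces and the depth limit are assumptions for illustration.

```python
# Added example (not the paper's code): SAX-style streaming parse of a SOAP envelope
# that reads the header token and body operation without building a DOM tree.
import xml.sax
from io import BytesIO
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

class SoapHandler(xml.sax.handler.ContentHandler):
    def __init__(self, max_depth):
        super().__init__()
        self.max_depth = max_depth
        self.stack = []                  # (namespace, local-name) of open elements
        self.token = self.operation = None
        self._in_token = False
    def startElementNS(self, name, qname, attrs):
        parent = self.stack[-1] if self.stack else None
        self.stack.append(name)
        if len(self.stack) > self.max_depth:      # stop before the stream gets costly
            raise ValueError("nesting depth exceeds bound")
        if parent == (SOAP_NS, "Header") and name[1] == "Token":
            self._in_token, self.token = True, ""   # hypothetical header token element
        elif parent == (SOAP_NS, "Body") and self.operation is None:
            self.operation = name[1]                 # first Body child names the operation
    def characters(self, content):
        if self._in_token:
            self.token += content
    def endElementNS(self, name, qname):
        self.stack.pop()
        self._in_token = self._in_token and name[1] != "Token"

def parse_soap(data, max_depth=16):
    handler = SoapHandler(max_depth)
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_namespaces, True)
    parser.setContentHandler(handler)
    try:
        parser.parse(BytesIO(data))
    except ValueError as exc:
        return {"error": str(exc)}       # caller maps this to a SOAP fault
    return {"token": handler.token, "operation": handler.operation}

SAMPLE = (  # constructed request; the urn:example:* namespaces are placeholders
    b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<s:Header><sec:Token xmlns:sec="urn:example:sec">tok-123</sec:Token></s:Header>'
    b'<s:Body><m:GetBalance xmlns:m="urn:example:bank"><m:Account>42</m:Account>'
    b'</m:GetBalance></s:Body></s:Envelope>')
def nested_body(levels):   # constructed envelope with `levels` nested elements in Body
    body = b"<a>" * levels + b"x" + b"</a>" * levels
    return b'<s:Envelope xmlns:s="%s"><s:Body>%s</s:Body></s:Envelope>' % (SOAP_NS.encode(), body)
```

Running `parse_soap(SAMPLE)` yields the token and operation, while `parse_soap(nested_body(40))` is rejected at depth 17 without the remaining elements ever being processed.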