SYS-CON.TV
XML Content Attacks
Web Services Edge 2005 East: WSS-6

ABOUT THE SPEAKER
Girish Juneja has more than 15 years of experience in the high-technology industry, with extensive expertise in product management, product strategy, engineering management, and technology marketing. He is the cofounder of Sarvega. Since Sarvega’s inception, Girish has led the Sarvega engineering and customer services organizations to develop Sarvega’s industry-leading core XESOS technology and XML Networking products.


SESSION DESCRIPTION
This talk defines a new class of threats, XML Content Attacks, and differentiates these threats from more general Web services attacks and XML security-based attacks. These three related but distinct threat areas are explained. The talk covers XML Content Attacks with regard to tree-based parsing exploits related to coercive parsing, node-depth attacks, and DOM. It discusses XML grammar validation exploits such as schema poisoning and lax-content models, and explains why traditional schema validation cannot ensure content-model consistency. It also discusses Web services attacks like WSDL scanning and parameter tampering (SQL Injection, SOAP array attack), highlighting common mistakes made when applying message-level security (WS-Security).

About SYS-CON tv
SYS-CON.tv is a unique multimedia resource, enabled by Flash video, bringing you timely interviews, news, expert panels, and features on all that's new and all that's best among i-Technology products and services.
