Attacks Specific to XML, Web Services & SOA
Running List of Vulnerabilities specific to the use of XML, Web Services and SOA
This is a list that I will keep up to date as much as possible. Please add to this list as you see fit - add items, explanations or examples. This list was taken from a recent IBM DataPower presentation.
XML Entity Expansion and Recursion Attacks
XML Document Size, Width, Depth Attacks
XML Well-formedness-based Parser Attacks
Jumbo Payloads
Recursive Elements
MegaTags - aka Jumbo Tag Names
Public Key DoS
XML Flood
Resource Hijack
Dictionary Attack
Message Tampering
Data Tampering
Message Snooping
XPath Injection
SQL Injection
WSDL Enumeration
Routing Detour
Schema Poisoning
Malicious Morphing
Malicious Include or XML External Entity (XXE) Attack
Memory Space Breach
XML Encapsulation
XML Virus
Falsified Message
Replay Attack
Gary E. Smith
SOA Security Architect





