Web-Service Vulns

• Whole new world of vulnerabilities!

• XPATH, XQUERY injection (' like SQL)

• XML injection

• • • • username=”email@host.com</email><root>1</root><email>email@host.com”

• SOAP WSDL maps the attacks for you

• More info at:

• • https://www.isecpartners.com/speaking.html