WCF Vulnerability Testing:
Once development of a WCF service is complete, we should run a vulnerability test. This testing looks for vulnerabilities in the web service deployment.
The Open Web Application Security Project (OWASP) provides guidelines for testing vulnerabilities in web application development.
| Ref. Number | Test Name | Vulnerability |
|---|---|---|
| OWASP-WS-001 | WS Information Gathering | Information Disclosure - unnecessary to expose the WSDL |
| OWASP-WS-002 | Testing WSDL | Information Disclosure |
| OWASP-WS-003 | XML Structural Testing | Weak XML structure or improper XML node |
| OWASP-WS-004 | XML content-level Testing | XML content-level – SQL injection/XPath injection, buffer overflow, command injection |
| OWASP-WS-005 | HTTP GET parameters/REST Testing | WS HTTP GET parameters/REST – SQL injection |
| OWASP-WS-006 | Naughty SOAP attachments | WS Naughty SOAP attachments - malware as an attachment |
| OWASP-WS-007 | Replay Testing | WS Replay Testing |
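
For OWASP-WS-001 and OWASP-WS-002, WSDL exposure in WCF is controlled by the service's metadata behavior and its mex endpoint. The Web.config fragment below is an added example, not part of the original post; the service, contract and behavior names are hypothetical. It shows the development behavior that publishes the WSDL beside a deployment behavior that turns metadata, the help page and fault detail off.

```xml
<!-- Added example: WCF Web.config fragment. Names under "Example." and the
     behavior names are hypothetical placeholders. -->
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>

      <!-- Development behavior: the WSDL is served at ?wsdl and unhandled
           exceptions are returned to the caller inside SOAP faults. -->
      <behavior name="DevBehavior">
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>

      <!-- Deployment behavior: no WSDL over HTTP or HTTPS GET, no service
           help page, and faults carry no exception detail. -->
      <behavior name="ProdBehavior">
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
        <serviceDebug includeExceptionDetailInFaults="false"
                      httpHelpPageEnabled="false"
                      httpsHelpPageEnabled="false" />
      </behavior>

    </serviceBehaviors>
  </behaviors>

  <services>
    <service name="Example.OrderService" behaviorConfiguration="ProdBehavior">
      <endpoint address=""
                binding="basicHttpBinding"
                contract="Example.IOrderService" />

      <!-- The metadata exchange endpoint is left out of the deployed
           configuration. It would look like this if present:
      <endpoint address="mex"
                binding="mexHttpBinding"
                contract="IMetadataExchange" />
      -->
    </service>
  </services>
</system.serviceModel>
```

After deployment, a request for the service URL with `?wsdl` appended should no longer return the contract; clients that need it can be given the WSDL file out of band.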
© 2015, admin. All rights reserved.