Security testing in SOA world
Service-oriented architecture, as the name implies, is a collection of loosely coupled services that may run on the same network or on different networks. These services talk to multiple databases and share a great deal of critical information, both among the organization's own services and with third parties. Sharing complex information across multiple WANs and multiple third-party services across enterprises raises concerns for the stakeholders.
Let's have a look at a few of the attack types:
SQL injection: The purpose of this attack is to gain access to the database or to get an inappropriate response when we pass SQL fragments in the request parameters.
XPath injection: The purpose of this attack type is to extract information from an XML database.
XML bomb: The purpose of this attack is to cause a denial of service for an application. It works by overloading the XML parser through recursive expansion of entities defined in the DTD.
Cross-site scripting attack: This is...
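For the XML bomb entry above, a service can screen each request body before the real parser sees it. The following is an added example, not code from the original page; the function name screen_request, the allow_doctype option and the sample messages are assumptions made for illustration, and it assumes the service has no legitimate need for a DTD in requests.

```python
import xml.parsers.expat


class DtdRejected(ValueError):
    """Raised when a request carries a DOCTYPE or an entity declaration."""


def screen_request(body: bytes, allow_doctype: bool = False) -> tuple[bool, str]:
    """Return (accepted, reason) for an incoming XML request body.

    Parsing stops at the first declaration, before any entity is expanded.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdRejected(f"DOCTYPE declaration for {name!r}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        raise DtdRejected(f"entity declaration {name!r}")

    if not allow_doctype:
        parser.StartDoctypeDeclHandler = on_doctype
    # Even when a DOCTYPE is tolerated, entity declarations are still refused.
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except DtdRejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"
    return True, "ok"


# Constructed sample inputs: an ordinary request, and a deliberately tiny
# message whose DTD defines one entity in terms of another.
BENIGN = b'<?xml version="1.0"?><order><id>42</id></order>'
NESTED = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>'
    b"<r>&b;</r>"
)

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("nested", NESTED)):
        print(label, screen_request(msg))
```
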