Security Testing Tutorial
Security Testing - Web Service
In modern web-based applications the use of web services is unavoidable, and they are exposed to attack like any other endpoint. Since web service requests are fetched from multiple websites, developers have to take a few additional measures to avoid any kind of penetration by hackers.
Hands On
Step 1 − Navigate to the web services area of WebGoat and go to WSDL Scanning. The goal is now to obtain the credit card details of some other account number. A snapshot of the scenario is shown below.
Step 2 − If we select the first name, the 'getFirstName' function is called through a SOAP request XML.
Step 3 − By opening the WSDL, we can see that there is also a method that retrieves credit card information, 'getCreditCard'. Now let us tamper with the inputs using Burp Suite as shown below −
Step 4 − Now let us modify the inputs using Burp Suite as shown below −
Step 5 − We can get the credit card information of other users.
Preventive Mechanisms
- Since SOAP messages are XML-based, all credentials that are passed have to be converted to text format. Hence one has to be very careful when passing sensitive information, which always has to be encrypted.
- Protect message integrity by implementing mechanisms such as a checksum applied to the message to ensure the packet's integrity.
- Protect message confidentiality: asymmetric encryption is applied to protect the symmetric session keys, which in many implementations are valid for one communication only and are discarded afterwards.
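The lesson above shows two defects on the server side: the WSDL exposes an operation ('getCreditCard') that the client page never calls, and the service answers for whatever account id appears in the request. The following added example (not WebGoat's code, and not from the original tutorial) shows how a SOAP endpoint would close both gaps and also apply the integrity mechanism from the preventive list. The service namespace `urn:example:accounts`, the account records, the key and the `build_request`/`handle` functions are all constructed for this illustration; a keyed HMAC-SHA256 is used as the integrity tag because a plain checksum can be recomputed by whoever tampers with the body.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example:accounts"  # hypothetical service namespace

# Constructed sample account store (not real card data).
ACCOUNTS = {
    "101": {"first_name": "Alice", "credit_card": "4111-xxxx-xxxx-1111"},
    "102": {"first_name": "Bob", "credit_card": "5500-xxxx-xxxx-0004"},
}

# Operations this endpoint is willing to dispatch. getCreditCard may exist in
# the WSDL, but it is deliberately not reachable through this handler.
ALLOWED_OPERATIONS = {"getFirstName"}

# Shared integrity key; constructed for the demo, in practice loaded from a vault.
INTEGRITY_KEY = b"constructed-demo-key"


def build_request(operation, account_id, key=INTEGRITY_KEY):
    """Client side: build the SOAP envelope and its HMAC-SHA256 tag."""
    body = (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
        f'<{operation} xmlns="{SVC_NS}"><id>{account_id}</id></{operation}>'
        f"</soap:Body></soap:Envelope>"
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body, tag


def parse_operation(xml_text):
    """Return (operation name, account id) from the first child of soap:Body."""
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("missing SOAP Body")
    call = body[0]
    op = call.tag.split("}", 1)[-1]  # strip the namespace prefix
    id_elem = call.find(f"{{{SVC_NS}}}id")
    if id_elem is None or not id_elem.text:
        raise ValueError("missing id element")
    return op, id_elem.text.strip()


def handle(xml_text, tag, session_account, key=INTEGRITY_KEY):
    """Server side: verify integrity, enforce the operation allowlist, and
    bind the requested account to the authenticated session."""
    expected = hmac.new(key, xml_text.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag check does not leak timing.
    if not hmac.compare_digest(expected, tag):
        return {"error": "integrity check failed"}
    op, account_id = parse_operation(xml_text)
    if op not in ALLOWED_OPERATIONS:
        return {"error": f"operation {op} not permitted"}
    # The account id in the body is untrusted input; it must match the
    # account the caller authenticated as, never be taken at face value.
    if account_id != session_account:
        return {"error": "account does not belong to caller"}
    record = ACCOUNTS.get(account_id)
    if record is None:
        return {"error": "unknown account"}
    return {op: record["first_name"]}


if __name__ == "__main__":
    body, tag = build_request("getFirstName", "101")
    print(handle(body, tag, "101"))  # legitimate call
    print(handle(body, tag, "102"))  # same request replayed from another session
```

The ownership check is the one that matters for the WSDL Scanning lesson: even if an attacker edits the id in Burp, the server only returns data for the session's own account. The allowlist keeps undocumented WSDL operations from being reachable, and the HMAC detects in-transit modification of the body; confidentiality still requires TLS or message-level encryption as the last preventive item describes.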