To build secure Web services, know the associated threats. The top threats directed at Web services are:
Disclosure of configuration data
Figure 12-1 shows the top threats and attacks directed at Web services.
Figure 12-1. Main Web services threats
Web services that provide sensitive or restricted information should authenticate and authorize their callers. Weak authentication and authorization can be exploited to gain unauthorized access to sensitive information and operations.
Vulnerabilities that can lead to unauthorized ...