O'Reilly logo

Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Threats and Countermeasures

To build secure Web services, know the associated threats. The top threats directed at Web services are:

  • Unauthorized access

  • Parameter manipulation

  • Network eavesdropping

  • Disclosure of configuration data

  • Message replay

Figure 12-1 shows the top threats and attacks directed at Web services.

Main Web services threats

Figure 12-1. Main Web services threats

Unauthorized Access

Web services that provide sensitive or restricted information should authenticate and authorize their callers. Weak authentication and authorization can be exploited to gain unauthorized access to sensitive information and operations.

Vulnerabilities

Vulnerabilities that can lead to unauthorized ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required