Use of WS-Security actually increases likelihood of successful attack

Posted: 16-Aug-2007 10:39

One of the many presentations to ponder from Black Hat: Brad Hill presented how WS-Security is inherently less secure than just using client SSL certs. Some of the reasons:

1. increased attack surface
2. outta da box settings not ready for use
3. infinite loops in XSLT make for easier DoS

Brad Hill's slides: iSEC_HILL_AttackingXMLSecurity_bh07.pdf

previously mentioned on:
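Reasons 2 and 3 as a defensive pre-check, added here as an example and not taken from this post or from Brad Hill's slides: it inspects the XML-DSig transform chains in a message before any signature library processes them and rejects the XSLT transform outright. The allow-list, the chain limit, and the function and sample names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XSLT = "http://www.w3.org/TR/1999/REC-xslt-19991116"  # XML-DSig XSLT transform URI
# Assumed local policy: the only transforms this service accepts.
ALLOWED = {DS + "enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"}
MAX_TRANSFORMS = 2  # assumed limit per <ds:Transforms> chain


def transform_violations(xml_text):
    """Return policy violations; an empty list means the message
    may proceed to signature verification."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages must not carry a DTD
        return ["DOCTYPE not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    # <ds:Transforms> can appear under both Reference and RetrievalMethod.
    for chain in root.iter(f"{{{DS}}}Transforms"):
        steps = chain.findall(f"{{{DS}}}Transform")
        if len(steps) > MAX_TRANSFORMS:
            problems.append(f"transform chain too long ({len(steps)})")
        for step in steps:
            alg = step.get("Algorithm", "")
            if alg == XSLT:
                problems.append("XSLT transform rejected")
            elif alg not in ALLOWED:
                problems.append(f"transform not on allow-list: {alg!r}")
    return problems


def _signed(transform_algs):
    """Build a constructed, minimal signed-message skeleton for the demo."""
    steps = "".join(f'<ds:Transform Algorithm="{a}"/>' for a in transform_algs)
    return (f'<Envelope xmlns:ds="{DS}"><ds:Signature><ds:SignedInfo>'
            f'<ds:Reference URI="#body"><ds:Transforms>{steps}</ds:Transforms>'
            f'</ds:Reference></ds:SignedInfo></ds:Signature></Envelope>')


GOOD = _signed(sorted(ALLOWED))  # constructed sample: allow-listed transforms only
BAD = _signed([XSLT])            # constructed sample: XSLT transform, no stylesheet body

if __name__ == "__main__":
    print(transform_violations(GOOD))
    print(transform_violations(BAD))
```

The check only decides whether a message is passed on; signature verification itself still has to be done by the XML security library afterwards.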


taniwha's profile

Wally (Brenda) 
Te Whanganui O Tara
New Zealand