OWASP Top 10 : Penetration Testing with SOAP Service and Mitigation

SOAP Overview: Simple Object Access Protocol (SOAP) is Connection or an interface between the web services or a client and web service. SOAP is operated with application layer protocols like HTTP, SMTP or even with the TCP for message transmission. Figure 1  SOAP Operation It is developed in xml language, which uses Web Service Description […]

OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch

What is the meaning of an origin? Two websites are said to have same origin if both have following in common: Scheme (http, https) Host name (google.com, facebook.com, securelayer7.net) Port number (80, 4567, 7777) So, sites http://example.com and http://example.com/settings have same origin. But https://example.com:4657 and http://example.com:8080/settings have different origins. The ‘Same Origin Policy’ restricts how a script […]

OWASP TOP 10 Cross-Site Request Forgery #8 – About CSRF Vulnerability and Fix

Overview OWASP TOP 10 Cross-Site Request Forgery #8 is a vulnerability which is very commonly found in many web applications these days. And it is also included in the OWASP Top 10 List of Common Web application vulnerabilities. Before I start with the technical explanation, let me give you a lay-man example of the CSRF […]