Brad Hill: Attacking Web Service Securty: Message....
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
English - January 09, 2006 23:10 - 1 hour - 129 KB Video - ★★★★★ - 1 ratingTechnology News Tech News blackhat usa 2006 black hat vegas blackhat vegas hacking convention computer security speeches presentations spoken word video Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and B2B connectivity, and XML is the world's most successful and widely deployed data format. This presentation will take a critical look at the technologies used to secure these systems and the emerging attention to "message-oriented" security. How do WS-Security, XML Digital Signatures and XML Encryption measure up?
The first half of the talk will take a strategic view of message-oriented security and compare it to existing alternatives like SSL. The second half will be a technical deep dive into XML Digital Signatures as a case study in security technology design. The state of the art in XML attacks will be summarized and advanced, including a series of critical design flaws that allowed achieving reliable cross-platform code injection on multiple vendor platforms.
A tool will be demonstrated to apply a several of the attack techniques discussed against SAML messages.