Web service security – Threats and Countermeasures – Part 1 : Message Protection – Integrity and Confidentiality


  • Network eavesdropping leads to disclosure of confidential information

  • An attacker manipulates a message in transit influencing the service’s behavior


  • Lack of end to end encryption when sending SOAP messages

  • Lack of a digital signature to verify authenticity of a SOAP message


You might also notice that the implementations for these patterns are grouped together, so that we demonstrate not just data confidentiality but also data origin authentication. This is intentional. An encrypted message can still be tampered with, so we recommend you implement both of these patterns at the same time...
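The point above, that an encrypted message can still be altered in transit, as an added example (not code from the original post). A toy SHA-256 keystream stands in for the message encryption and HMAC-SHA256 stands in for the digital signature; the SOAP body, keys and function names are constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample body; keys are generated at random in demo().
BODY = b"<soap:Body><Transfer><Amount>100</Amount></Transfer></soap:Body>"

def keystream(key, nonce, n):
    # Toy keystream (SHA-256 over key, nonce, counter); stand-in for a real stream cipher.
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(enc_key, body):
    nonce = os.urandom(16)
    return nonce + xor(body, keystream(enc_key, nonce, len(body)))

def decrypt(enc_key, blob):
    nonce, ct = blob[:16], blob[16:]
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def protect(enc_key, mac_key, body):
    # Encrypt, then authenticate the ciphertext (HMAC stands in for the signature).
    blob = encrypt(enc_key, body)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def unprotect(enc_key, mac_key, message):
    # Verify before decrypting; reject anything that changed in transit.
    blob, tag = message[:-32], message[-32:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return decrypt(enc_key, blob)

def flip(message, index, mask):  # models a one-byte change made in transit
    return message[:index] + bytes([message[index] ^ mask]) + message[index + 1:]

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    pos = 16 + BODY.index(b"100")  # first digit of the amount, after the 16-byte nonce
    # Encryption only: the altered message decrypts without error to a different amount.
    enc_only = decrypt(enc_key, flip(encrypt(enc_key, BODY), pos, 0x08))
    # Encryption plus integrity check: the same alteration is rejected.
    try:
        unprotect(enc_key, mac_key, flip(protect(enc_key, mac_key, BODY), pos, 0x08))
    except ValueError:
        return enc_only, True
    return enc_only, False
```

`demo()` returns the body the encryption-only receiver accepted, with the amount changed, and `True` to show that the integrity-checked receiver rejected the same change.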

Hope to post another entry on Monday... 
