
SOA vulnerabilities

I am a postgraduate student. I have to do a master's thesis on SOA vulnerabilities (SOA security), in the sense of finding vulnerabilities in web services or finding solutions to the existing vulnerabilities. In that direction I have been searching for vulnerabilities in SOA. Once the vulnerability is found I have to simulate it and show it to my guide. Some attacks I found in OWASP in the corresponding areas are DoS attacks and injection attacks (SQL injection, XPath injection). I am not able to make a proper decision at the moment as to what to do next.
Can anyone please tell me how I could proceed to successfully reach the destination?

To help you out a bit with your research, I'm stating this website:

http://www.packetstormsecurity.com

This website has a lot of information regarding exploits / hacks / fixes and a lot of info about cross site server scripting / DoS attacks / SQL injection, etc. If you really need more info or nice articles about various attacks and fixes, you should seriously consider checking out that page.

In general, you should discuss this in depth with your advisor rather than asking the internet in general.

The field of computer security is massive and there is always something to explore. This is one of the reasons why I love hacking.

Currently I am working on a masterpiece exploit that will be the basis for my Blackhat/Defcon talk in August. I think that writing exploit code is vital for understanding the exploitation process. Even if you are the most Arian of white hats, you must write exploits or you will always be behind the attacks in terms of skill. I love going to hacker cons to get new ideas for my security research. It is also helpful to see new attacks.

Some things that you have not mentioned are memory manipulation attacks such as buffer overflows. Modern buffer overflows are more difficult to exploit than Aleph One's "Smashing the Stack for Fun and Profit". You should look into modern bypasses to ASLR such as heap spraying or heap feng shui. Attacks like jmp2reg (jmp2esp, jump2ebx, etc.) are also interesting as bypasses for ASLR.

Attacking ActiveX components is fun. I used HD Moore's AxMan with great success. Here is the remote code execution exploit I found using AxMan: http://www.milw0rm.com/exploits/7910. Here are more exploits that I have written: http://www.milw0rm.com/author/677. The best fuzzer is by far PeachFuzz, and writing some pit files for it can be very fruitful research.

Buffer overflows and SQL injection are the most talked about, but there are a couple hundred categories for vulnerabilities and they are identified by CWE numbers. It's worth exploring; I think it will surprise you what NIST thinks a vulnerability is.
