The service contract for Service A uses an XML schema that does not specify the maximum length for the CustomerAddress XML element. A service consumer sends a message that contains a very long string of characters inside the CustomerAddress XML element. This can be an indication of what types of attacks?
The use of derived keys is based on symmetric encryption. This is similar to asymmetric encryption because different keys can be derived from a session key and used separately for encryption and decryption.
Service A's logic has been implemented using managed code. An attacker sends an XML bomb to Service A. As a result, Service A's memory consumption started increasing at an alarming rate and then decreased back to normal. The service was not affected by this attack and quickly recovered. Which of the following attacks were potentially avoided?
Which of the following statements is true?
Service A requires message confidentiality using message-layer security. You are asked to create a security policy for Service A that communicates its confidentiality requirements. However, you have not yet determined the type of encryption mechanism that will be used to enable message confidentiality. What types of binding assertions can you use to convey what service consumers should expect in the WS-Security header of SOAP messages exchanged by the service?
The difference between the Exception Shielding and Message Screening patterns is in how the core service logic processes incoming messages received from malicious service consumers?
An XML bomb attack and an XML external entity attack are both considered types of XML parser attacks.
Message screening logic and exception shielding logic can co-exist in a single perimeter guard service.
Service A, residing outside the private network of an organization, provides logic that sanitizes message error information on behalf of other services that reside inside the private network, behind a firewall. Where is the vulnerability in this architecture?
The Message Screening pattern can be applied to a service acting as a trusted subsystem for an underlying database. That way, the database would be protected from SQL injection attacks.
The same security policy has been redundantly implemented as part of the service contracts for Web services A, B and C. In order to reduce the effort of maintaining multiple redundant service policies, it has been decided to centralize policy enforcement across these three services. Which of the following industry standards will need to be used for Web services A, B and C in order for their service contracts to share the same security policy document?
The Service Perimeter Guard pattern is applied to position a perimeter service outside of the firewall. The firewall only permits the perimeter service to access services within a specific service inventory. Which of the following statements describes a valid problem with this security architecture?