S
steve813
Hello everyone,
I am working on a web service which has to go through a security
review. My problem is the default Web Service Helper Page (the one
generated by Visual Studio) does not guard against SQL Injection
attacks. They added parameters to URL like:
https://server.company.com/Services/myService/Service.asmx?WSDL=\'
https://server.company.com/Services/myService/Service.asmx?WSDL='
https://server.company.com/Services/myService/Service.asmx?WSDL=;
All of these modifications to the URL results in a page error with no
handling which results in a poor coding error on the page generated by
Visual Studio.
So, I implemented wsdlHelpGenerator to give a generic page but the
security folks now say there's no code... Ahhhhh!!! How can I
update the default Web Service Helper Page (the one generated by Visual
Studio) to protect it against SQL Injection attacks? I have a class to
find these attacks in my code but I have no idea how to protect the
WSDL= from an attack.
Thank you,
Steve
I am working on a web service which has to go through a security
review. My problem is the default Web Service Helper Page (the one
generated by Visual Studio) does not guard against SQL Injection
attacks. They added parameters to URL like:
https://server.company.com/Services/myService/Service.asmx?WSDL=\'
https://server.company.com/Services/myService/Service.asmx?WSDL='
https://server.company.com/Services/myService/Service.asmx?WSDL=;
All of these modifications to the URL results in a page error with no
handling which results in a poor coding error on the page generated by
Visual Studio.
So, I implemented wsdlHelpGenerator to give a generic page but the
security folks now say there's no code... Ahhhhh!!! How can I
update the default Web Service Helper Page (the one generated by Visual
Studio) to protect it against SQL Injection attacks? I have a class to
find these attacks in my code but I have no idea how to protect the
WSDL= from an attack.
Thank you,
Steve