This is my second post on “scary web services”. The first one was focused on how web services can be daunting to testers. My intent with this post is to offer a view from the defensive, on why those who host web services in their company should find them “scary”, by outlining a few of the more common vulnerabilities with them.
And if you are in an industry that’s under regulatory scrutiny, your web services may be required to use encryption. If you are running web service then make sure you do not fall trap to these three common problems.