11.07.2015

Improving Web Application Security: Threats and - CGISecurity

Chapter 12: Building Secure Web Services

For more information, see the "Specifying the Parts of a SOAP Message that are Signed or Encrypted" section in the WSE documentation.

Parameter Manipulation

Parameter manipulation in relation to Web services refers to the threat of an attacker altering the message payload in some way while the message request or response is in transit between the consumer and the service.

To address this threat, you can digitally sign a SOAP message to allow the message recipient to cryptographically verify that the message has not been altered since it was signed. For more information, see the "Digitally Signing a SOAP Message" section in the WSE documentation.

Exception Management

Exception details returned to the consumer should only contain minimal levels of information and not expose any internal implementation details. For example, consider the following system exception that has been allowed to propagate to the consumer.

System.Exception: User not in managers role
at EmployeeService.employee.GiveBonus(Int32 empID, Int32 percentage) in c:\inetpub\wwwroot\employeesystem\employee.asmx.cs:line 207

The exception details shown above reveal directory structure and other details to the service consumer. This information can be used by a malicious user to footprint the virtual directory path and can assist with further attacks.

Web services can throw three types of exceptions:

● SoapException objects. These can be generated by the CLR or by your Web method implementation code.
● SoapHeaderException objects. These are generated automatically when the consumer sends a SOAP request that the service fails to process correctly.
● Exception objects. A Web service can throw a custom exception type that derives from System.Exception. The precise exception type is specific to the error condition. For example, it might be one of the standard .NET Framework exception types such as DivideByZeroException or ArgumentOutOfRangeException, and so on.
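The following is an added example, not code from the book or from the WSE documentation, showing the service side of the two points above: it checks that the incoming request carried an X.509 signature covering the SOAP body (the parameter-manipulation countermeasure) and it catches every exception in the Web method so that a sanitized SoapException, rather than a stack trace with file paths, reaches the consumer. It assumes WSE 2.0 (Microsoft.Web.Services2) is installed and the WSE pipeline is enabled in web.config; the service name, namespace, role name, the "EmployeeService" event-log source and the in-memory employee table are hypothetical.

```csharp
// Added example (not the book's or WSE's own code). Assumes WSE 2.0 is
// configured for this ASMX service; names and data below are hypothetical.
using System;
using System.Collections;
using System.Diagnostics;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;

[WebService(Namespace = "http://example.com/employeeservice")]
public class EmployeeService : WebService
{
    // Constructed sample data standing in for an employee store.
    private static readonly Hashtable Employees = new Hashtable();

    static EmployeeService()
    {
        Employees[101] = "A. Example";
        Employees[102] = "B. Example";
    }

    [WebMethod]
    public string GiveBonus(int empID, int percentage)
    {
        RequireSignedBody(RequestSoapContext.Current);

        try
        {
            if (!User.IsInRole("managers"))
            {
                // Client-caused error: tell the caller what it can act on, nothing more.
                throw new SoapException("Caller is not authorized to give bonuses.",
                                        SoapException.ClientFaultCode);
            }
            if (percentage < 0 || percentage > 50)
            {
                throw new SoapException("percentage must be between 0 and 50.",
                                        SoapException.ClientFaultCode);
            }
            return ApplyBonus(empID, percentage);
        }
        catch (SoapException)
        {
            throw; // already sanitized above
        }
        catch (Exception ex)
        {
            // Full detail (type, message, stack trace, source path) stays on the
            // server where operators can read it; the consumer gets a generic fault.
            EventLog.WriteEntry("EmployeeService", ex.ToString(), EventLogEntryType.Error);
            throw new SoapException("The service could not process the request.",
                                    SoapException.ServerFaultCode);
        }
    }

    // Requires a MessageSignature backed by an X.509 token whose scope includes
    // the SOAP body. WSE itself has already verified the signature value by the
    // time the method runs; this check ensures a signature was present at all
    // and that an attacker could not have altered the body without detection.
    private static void RequireSignedBody(SoapContext context)
    {
        if (context == null)
            throw new SoapException("Missing SOAP context.", SoapException.ClientFaultCode);

        foreach (ISecurityElement element in context.Security.Elements)
        {
            MessageSignature sig = element as MessageSignature;
            if (sig == null) continue;
            if (!(sig.SigningToken is X509SecurityToken)) continue;
            if ((sig.SignatureOptions & SignatureOptions.IncludeSoapBody) == 0) continue;
            return; // body is covered by an X.509 signature
        }
        throw new SoapException("Request must be signed with an X.509 certificate.",
                                SoapException.ClientFaultCode);
    }

    private static string ApplyBonus(int empID, int percentage)
    {
        // Unknown employee: a real error that must not leak its internals.
        if (!Employees.ContainsKey(empID))
            throw new ArgumentOutOfRangeException("empID");
        return string.Format("Bonus of {0}% recorded for {1}", percentage, Employees[empID]);
    }
}
```

Every path out of the method is either a normal return or a SoapException whose faultstring is fixed text, so ASMX serializes a SOAP Fault that contains no file name, line number or virtual directory path. Distinguishing ClientFaultCode from ServerFaultCode lets the consumer tell a bad request from a service failure without learning how the service is built.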
