+ Start a Discussion
bs881026bs881026 

What are the vulnerabilities in testing Web Service

Hi,
As a Salesforce tester, can anyone please help me understand what are the vulnerabilities when testing a Webservice in salesforce.

Thanks.
NagendraNagendra (Salesforce Developers) 
Hi bs881026,

As a salesforce tester, you need to understand the below vulnerabilities while testing a web service class.

1)Debug output : https://developer.salesforce.com/docs/atlas.en-                  us.apexcode.meta/apexcode/apex_debugging_API_calls.htm

2)Fuzzing: http://security.stackexchange.com/questions/124521/
vulnerability-scanning-vs-fuzzing-a-web-application

3)XSS : https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_security_tips_xss.htm

4)SQLi: https://developer.salesforce.com/page/Secure_Coding_SQL_Injection

5)Malformed XML : https://www.soapui.org/security-testing/security-scans/malformed-xml.html

6)Malicious Attachment/File Upload : https://www.soapui.org/security-testing/security-scans/malicious-attachment.html

7)Improper Boundary Checking :
 https://cwe.mitre.org/data/definitions/119.html

8)XML Bomb (DoS) : https://www.soapui.org/security-testing/security-scans/xml-bomb.html

9)Basic Authentication: https://www.acunetix.com/vulnerabilities/
web/basic-authentication-over-http

10)SAML/OAuth/OpenIDauthentication: 
http://resources.infosecinstitute.com/
saml-oauth-openid/

Please mark my solution as the best answer if it helps you .......

Best Regards,
Nagendra.p