Threats

  • Message data may be malformed for malicious intentions such as injection attacks

Vulnerabilities

  • XML serialization helps validate some data types as XML data from the message is transformed into .Net data types – but this does not prevent against malicious content within a string being used for XML or SQL injection attacks etc.
  • Client side validation cannot be trusted by a service

Countermeasures