Within a service composition, two Web services are using certificates in order to ensure message integrity and sender's authenticity. The certificates are included with every message exchange. Recently, the performance of these message exchanges has degraded. How can the performance be improved without compromising message integrity and message authenticity?
A service uses specialized logic to compare the size of a request message to the maximum allowable size that is specified for request messages. Upon a mismatch, the service triggers an error that results in the issuance of a message with detailed error information. What type of attack does this specialized logic not help protect the service from?
The use of XML schemas for data validation helps avoid several types of data-centric threats.
The Message Screening pattern can be used to avoid which of the following types of attacks?
Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a Student ID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?