Insecure JAX-WS Endpoint
Description
This method is part of a SOAP web service (JSR 224, JAX-WS) and its security should be analyzed, covering authentication, access control, input validation, and secure communication over SSL.
Examples
Insecure Code
Example of insecure JAX-WS endpoint:

```scala
@javax.jws.WebMethod
def myMethod(userInput: String) = {...}
```

Secure Code

Example of secure JAX-WS endpoint, with proper authentication, access control, and input validation:

```scala
@javax.jws.WebMethod
def myMethod(@Valid userInput: String) = {...}
```

Remediation
Analyze the security of the web service, ensuring proper authentication, access control, input validation, and secure communication over SSL.
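The following is an added example, not code from the rule page, showing one way a JAX-WS endpoint can apply each remediation point in code. The service name, the `lookupAccount` method, the `account-user` role and the account-id format are assumptions made for illustration; the JAX-WS, JSR-250 and Bean Validation annotations are the standard ones.

```scala
// Added example (not from the rule page): a JAX-WS endpoint that checks
// transport security, authentication, authorization and input format
// explicitly. AccountService, lookupAccount, the "account-user" role and
// the id format are hypothetical names chosen for this illustration.
import javax.annotation.Resource
import javax.annotation.security.RolesAllowed
import javax.jws.{WebMethod, WebService}
import javax.servlet.http.HttpServletRequest
import javax.validation.constraints.{NotBlank, Pattern, Size}
import javax.xml.ws.WebServiceContext
import javax.xml.ws.handler.MessageContext

object AccountService {
  // Allow-list format for the only parameter this operation accepts.
  private val AccountIdPattern = "^[A-Za-z0-9-]{1,32}$".r

  def isValidAccountId(id: String): Boolean =
    id != null && AccountIdPattern.matches(id)
}

@WebService(serviceName = "AccountService")
// Container-enforced authorization (JSR-250): when the endpoint is secured
// in the deployment descriptor, callers without this role never reach the body.
@RolesAllowed(Array("account-user"))
class AccountService {

  // Injected by the JAX-WS runtime; exposes the caller's principal and the
  // underlying HTTP request.
  @Resource
  private var ctx: WebServiceContext = _

  @WebMethod
  def lookupAccount(
      @NotBlank @Size(max = 32) @Pattern(regexp = "^[A-Za-z0-9-]+$") accountId: String
  ): String = {
    // Secure communication: refuse requests that did not arrive over TLS.
    val request = ctx.getMessageContext
      .get(MessageContext.SERVLET_REQUEST)
      .asInstanceOf[HttpServletRequest]
    if (request == null || !request.isSecure)
      throw new SecurityException("endpoint requires HTTPS")

    // Authentication: the container must have established a principal.
    val principal = Option(ctx.getUserPrincipal)
      .getOrElse(throw new SecurityException("authentication required"))

    // Access control: re-check the role in code so a missing or wrong
    // descriptor mapping does not silently open the operation.
    if (!ctx.isUserInRole("account-user"))
      throw new SecurityException(s"${principal.getName} is not permitted")

    // Input validation: Bean Validation annotations only fire when a
    // validation interceptor is installed, so validate explicitly as well.
    if (!AccountService.isValidAccountId(accountId))
      throw new IllegalArgumentException("accountId has an invalid format")

    // Placeholder business logic: the result is scoped to the caller.
    s"account:$accountId owner:${principal.getName}"
  }
}
```

Two caveats apply when reviewing code like this against the rule: `isSecure` only reports what the servlet container saw, so TLS (certificates, protocol versions, cipher suites) is still configured on the server connector or reverse proxy, not in the endpoint; and `@RolesAllowed` is honoured only when the endpoint is deployed as a managed component with container security enabled, which is why the example repeats the role check in code.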
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0032 |
| Category | Web |
| Severity | MEDIUM |
| CWE | CWE-348 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | SOAP, Web Service, Security |
| OWASP | A7:2017-Cross-Site Scripting (XSS), A03:2021-Injection |