Last post Oct 09, 2014 04:01 AM by AidyF
Oct 09, 2014 01:20 AM|saurabh.15in
I am facing a security issue in a WCF Service. Need help!!
Some of my WCF Services are exposed to the internet via ESB (BizTalk) as a Web API (for mobile). The issue raised by the Application security team is as below.
Communication is happening as below:
Client---SSL-JSON-----> ESB(SSL Certificate installed at ESB)-----SOAP--->WCF Service ( Standard process)
Burp proxy Interception
Client --SSL--->Burp Proxy---SSL--->ESB---->WCF Service
(here Burp proxy becomes the server for the Client and Burp proxy becomes the Client for the ESB)
Services are exposed on SSL but they are able to intercept and change the message using Burp proxy. The client does not want any custom message-level encryption using some common algorithm or using some common key. What else can we do to make it secure?
My thought is, if we can make some public/private key encryption, that would solve the issue, but I don't know how to do this for message-level security in JSON communication.
We cannot apply WS-Security because, from the ESB, it becomes a RESTful Web API.
Looking for some help !!
Oct 09, 2014 04:01 AM|AidyF
This isn't a programming issue; instead, tell the client they need to spend effort to protect against malicious hackers installing and managing to properly configure proxy servers on the network.
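
The public/private key idea from the question, applied to a JSON body, as an added example that is not code from either poster: the client encrypts each request to the gateway's public key (RSA-OAEP wrapping a per-message AES-256-GCM key), so a proxy that terminates SSL sees only an opaque envelope and any modified byte fails authentication at the gateway. The function names, envelope fields and sample request are hypothetical, and the sketch assumes the gateway's public key ships inside the client app rather than being fetched over the intercepted channel.

```javascript
// Added example: hybrid message-level encryption of a JSON request body.
// sealJson, openJson and the envelope field names are hypothetical.
const nodeCrypto = require("node:crypto");

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Client side: encrypt the JSON body to the gateway's public key.
function sealJson(payload, gatewayPublicKey) {
  const key = nodeCrypto.randomBytes(32); // fresh AES-256 key per message
  const iv = nodeCrypto.randomBytes(12);  // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"), cipher.final()]);
  return {
    ek: nodeCrypto.publicEncrypt({ key: gatewayPublicKey, ...OAEP }, key).toString("base64"),
    iv: iv.toString("base64"),
    ct: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Gateway side: unwrap the AES key, then decrypt and verify the GCM tag.
function openJson(envelope, gatewayPrivateKey) {
  const key = nodeCrypto.privateDecrypt(
    { key: gatewayPrivateKey, ...OAEP }, Buffer.from(envelope.ek, "base64"));
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", key, Buffer.from(envelope.iv, "base64"));
  decipher.setAuthTag(Buffer.from(envelope.tag, "base64"));
  // final() throws if the ciphertext or tag was altered in transit.
  const pt = Buffer.concat([decipher.update(Buffer.from(envelope.ct, "base64")), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed demo: the key pair and the request body are sample values.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const envelope = sealJson({ account: "12345", amount: 250 }, publicKey);
  const roundTrip = openJson(envelope, privateKey);

  // Simulate modification at an intercepting proxy by flipping one bit.
  const ct = Buffer.from(envelope.ct, "base64");
  ct[0] ^= 0x01;
  let tamperRejected = false;
  try { openJson({ ...envelope, ct: ct.toString("base64") }, privateKey); }
  catch (e) { tamperRejected = true; }
  return { envelope, roundTrip, tamperRejected };
}
```

Encrypting to a public key hides and tamper-protects a message in transit, but it does not authenticate the sender: anyone holding the public key can build a valid envelope, so the gateway still needs its own client authentication.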