What are the different types of threats that could occur while receiving a WCF response? And what might be the mitigation plan to prevent these types of threats?

Note: This query is based on WCF threat modeling concepts.


Solution

The biggest threat with any API is that it's an attack surface. You are exposing functionality that could be vulnerable to common vulnerabilities such as SQL Injection and Directory Traversal.

When it comes to a WCF response, it depends on how the data is being used. For instance, if you are fetching data from a WCF interface and then building a query, you could still be vulnerable to SQL Injection! If you are fetching that data and then displaying it on an HTML page, then you could be vulnerable to XSS.

The vulnerabilities that are possible depend entirely on how the data is being used. You shouldn't trust any data source, not even your own database. Make sure that you sanitize data at the time of use. Use parameterized queries to stop SQLi.
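
The following is an added example, not part of the original answer: it treats a service response as untrusted at the two points of use the answer names, a SQL query and an HTML page. It assumes Python with an in-memory SQLite database standing in for the .NET client's data layer; the `wcf_response` dictionary, its field names and the `orders` table are constructed for illustration.

```python
import html
import sqlite3

# Constructed stand-in for a deserialized WCF response (hypothetical field names).
wcf_response = {
    "CustomerName": "x' OR '1'='1",
    "Comment": "<script>alert(1)</script>",
}


def make_db():
    """Build a small in-memory table to query against (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db


def orders_concatenated(db, name):
    # Unsafe: the response value becomes part of the SQL text itself,
    # so quote characters in it change the structure of the query.
    sql = "SELECT id FROM orders WHERE customer = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def orders_parameterized(db, name):
    # Safe: the value is bound as data and is never parsed as SQL.
    sql = "SELECT id FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]


def render_comment(comment):
    # Encode at the point of output, for the HTML element context.
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    db = make_db()
    name = wcf_response["CustomerName"]
    print("concatenated :", orders_concatenated(db, name))   # every row comes back
    print("parameterized:", orders_parameterized(db, name))  # no customer has that name
    print("rendered     :", render_comment(wcf_response["Comment"]))
```

The same response value returns every order when concatenated and none when bound as a parameter, which is the difference the answer's "sanitize at the time of use" advice is about.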

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow