v18 Web services verification requirementsΒΆ
- 18.1 Web Service client and server use same encoding
- 18.2 Web Service admin is limited to admins
- 18.3 XML or JSON schemas are used properly
- 18.4 Input is size limited
- 18.5 SOAP services comply to WS-I Basic Profile
- 18.6 Session based authentication and authorization is used
- 18.7 REST service is not vulnerable to CSRF
- 18.8 REST service verifies Content-Type
- 18.9 Message payload is signed
- 18.10 No alternative (insecure) access paths