1. Home
  2. Web App Vulnerabilities
  3. How to remediate – SOAP API Detected
Searching...

How to remediate – SOAP API Detected

Contents

1. Introduction

A SOAP API has been detected on your systems. This means a Simple Object Access Protocol Application Programming Interface is running, allowing applications to communicate with each other using XML messages. While not inherently insecure, SOAP APIs can introduce vulnerabilities if not properly secured. A successful attack could compromise confidentiality, integrity and availability of data processed by the API.

2. Technical Explanation

SOAP APIs rely on XML for message exchange. The main technical risk is insufficient input validation or improper handling of XML payloads, which can lead to injection attacks like XML External Entity (XXE) or denial-of-service. Exploitation typically involves sending a crafted XML request that contains malicious code or data.

  • Root cause: Missing or inadequate input validation on SOAP API requests allowing for the processing of untrusted XML data.
  • Exploit mechanism: An attacker sends a specially crafted XML payload containing malicious content, such as an XXE attack to read local files or a denial-of-service payload causing excessive resource consumption. For example, an XXE payload could look like this: ]>&xxe;
  • Scope: Affected platforms include any system running a SOAP API service, such as web servers (IIS, Apache) and application servers (Java EE containers, .NET frameworks). Specific versions depend on the underlying software stack.

3. Detection and Assessment

Confirming a SOAP API’s presence is the first step. Then assess its security configuration.

  • Quick checks: Check web server configurations for WSDL file locations (e.g., *.wsdl extensions).
  • Scanning: Use vulnerability scanners with Web Service scanning capabilities, looking for signature IDs related to SOAP API vulnerabilities (example only – specific signatures vary by scanner).
  • Logs and evidence: Examine application logs for XML parsing errors or suspicious activity related to SOAP message processing. Look for patterns indicating attempts to exploit XXE or other XML-based attacks.
curl -I https://yourdomain.com/api/soapservice?wsdl

4. Solution / Remediation Steps

Secure the SOAP API by validating inputs and applying appropriate security measures.

4.1 Preparation

  • Ensure you have access to the underlying application code and deployment environment. A roll back plan is to restore from the previous backup.
  • Changes may require a maintenance window, depending on the complexity of the fix and potential impact on dependent systems. Approval from the relevant IT team lead may be needed.

4.2 Implementation

  1. Step 1: Implement robust input validation for all SOAP API requests, rejecting any XML data that does not conform to expected schemas or contains potentially malicious characters.
  2. Step 2: Disable external entity resolution in your XML parser configuration to prevent XXE attacks.
  3. Step 3: Enforce strict access controls and authentication mechanisms for the SOAP API service.

4.3 Config or Code Example

Before

# In PHP, without disabling external entities:
$xml = simplexml_load_string($soapRequest);

After

# In PHP, with disabling external entities:
libxml_disable_entity_loader(true);
$xml = simplexml_load_string($soapRequest);
libxml_enable_entity_loader(false);

4.4 Security Practices Relevant to This Vulnerability

List only practices that directly address this vulnerability type. Use neutral wording and examples instead of fixed advice. For example: least privilege, input validation, safe defaults, secure headers, patch cadence. If a practice does not apply, do not include it.

  • Practice 1: Input Validation – Validate all incoming data to ensure it conforms to expected formats and schemas, preventing malicious code injection.
  • Practice 2: Least Privilege – Grant the SOAP API service only the minimum necessary permissions required for its operation, limiting the potential impact of a successful attack.

4.5 Automation (Optional)

# Example PowerShell script to update XML parser settings:
# This is a simplified example and may require adjustments based on your environment.
# Set-ExecutionPolicy RemoteSigned -Force # Enable script execution (if needed)
# Stop-Service "YourSoapApiService" # Stop the service before making changes
# Add-Content -Path "C:Program FilesYourSoapApiServiceconfig.xml" -Value "true"
# Start-Service "YourSoapApiService" # Restart the service

5. Verification / Validation

Confirm that the fix has been applied and is effective in preventing attacks.

  • Post-fix check: Check your web server configuration to confirm external entity resolution is disabled for XML parsing.
  • Re-test: Re-run the earlier detection method (e.g., sending a crafted XXE payload) to verify that it is no longer successful.
  • Monitoring: Monitor application logs for XML parsing errors or suspicious activity related to SOAP message processing, looking for any attempts to exploit vulnerabilities.
curl -I https://yourdomain.com/api/soapservice?wsdl # Should return a 200 OK response without errors

6. Preventive Measures and Monitoring

Suggest only measures that are relevant to the vulnerability type. Use “for example” to keep advice conditional, not prescriptive.

  • Baselines: Update your security baseline or policy to include requirements for input validation and secure XML parsing configurations (e.g., CIS control 10).
  • Asset and patch process: Implement a regular patch review cycle for all systems running SOAP APIs, ensuring that the latest security updates are applied promptly.

7. Risks, Side Effects, and Roll Back

  • Risk or side effect 2: Incorrect XML parsing configuration can lead to application errors. Mitigation: Thoroughly review and validate any changes made to XML parser settings.
  • Roll back: Restore from the previous backup of your web server configuration and application code. Re-enable external entity resolution if necessary.

8. References and Resources

  • Vendor advisory or bulletin: Check your SOAP API vendor’s website for specific security recommendations.
  • NVD or CVE entry: Search the National Vulnerability Database (NVD) for relevant CVE entries related to SOAP API vulnerabilities.
  • Product or platform documentation relevant to the fix: Refer to your web
Updated on December 27, 2025

Was this article helpful?

Yes No

Related Articles