When you work with a talented team of penetration testers, after a while only the most noteworthy vulnerabilities stand out in the collective memory....

During a recent engagement we ran into a web service endpoint that was using WS-Security for authentication, specifically it was using the “Username....