I think an attack vector that is often under-analyze is the web service.  There’s no user interface, so what’s the real danger? Cross-Site Scripting (which accounts for about 53% of all application vulnerabilities) is completely useless since there is no HTML response.  And how would one even use this tool without a user interface? Well, […]