CAPEC-144
Detect Unpublicized Web Services
Description
An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.
Prerequisites
The targeted web site must include unpublished services within its web tree. The nature of these services determines the severity of this attack.