Web services represent a powerful interface for back-end database systems and are increasingly being used in business-critical applications. However, field studies show that a large number of web services are deployed with security flaws (e.g., SQL Injection vulnerabilities). Although several techniques for identifying security vulnerabilities have been proposed, developing non-vulnerable web services is still a difficult task. In fact, security-related concerns are hard to address, as they involve adding complexity to already complex code. This paper proposes an approach to secure web services against SQL and XPath Injection attacks by transparently detecting and aborting service invocations that try to take advantage of potential vulnerabilities. Our mechanism was applied to secure several web services specified by the TPC-App benchmark and proved to be 100% effective in stopping attacks, non-intrusive, and very easy to use.