Extracting attack sessions from real traffic with intrusion prevention systems
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
An extensible pattern-based library and taxonomy of security threats for distributed systems
Computer Standards & Interfaces
| Hi-index | 0.00 |
The use of Web Services has begun to significantly impact organizations and companies. Major business oriented objectives in reducing costs, shortening time, and improving quality and productivity can be achieved by using the Web Services technology. The Web Services software technology enables software components independently developed in disparate platforms to interact and collaborate in a seamless manner. They constitute a loosely-coupled, distributed system that is highly scalable. However, they also inherit the potential vulnerabilities of such systems. As Web Services increase in complexity and connectivity, the associated security risks also increase exponentially. Many of the security breaches can be traced back to poor verification and validation tasks. In this paper, a study on security related software vulnerabilities in SOAP-based Web Services is presented. The security context of traditional Web applications is compared to that of Web Services. An attempt has been made to map common attack patterns to security verification requirements with regard to Web Service software systems.