JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications
Proceedings of the 26th International Conference on Software Engineering
SQL DOM: compile time checking of dynamic SQL statements
Proceedings of the 27th international conference on Software engineering
Safe query objects: statically typed objects as remotely executable queries
Proceedings of the 27th international conference on Software engineering
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
New Threats and Attacks on the World Wide Web
IEEE Security and Privacy
Eliminating SQL Injection Attacks - A Transparent Defense Mechanism
WSE '06 Proceedings of the Eighth IEEE International Symposium on Web Site Evolution
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Survey of security vulnerabilities in session initiation protocol
IEEE Communications Surveys & Tutorials
Hi-index | 0.00 |
International standard bodies such as the Parlay Group, 3GPP (Third Generation Partnership Project), and ETSI TISPAN describe an applications middleware in the form of open service access (OSA)/Parlay Application Programming Interfaces and Parlay X Web Services which allow multimedia applications to be implemented on top of different fixed and mobile network types. These established middleware services are also applicable to the new IP Multimedia Subsystem (IMS) forming the heart of emerging next generation networks. The main objective of this kind of middleware services is to simplify and unify service creation and - as applications are realized in so-called application servers which can be flexibly connected to dedicated network gateways - also to expose available network capabilities to third parties. This results in an inherent increase of security threats and increases the risk of attacks on network resources. This article describes the security requirements and challenges to Web services-based NGN middleware. Based on this analysis the paper presents the middleware security mechanisms at application level providing end-to-end security based on standard such as XML Digital Signatures, XML Encryption and SAML (Security Assertion Markup Language). Furthermore, we propose additional security means in the form of intrusion detection and prevention (IDP) system protecting applications middleware against SQL injection attacks which are not mitigated by existing solutions.