loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Vipul Patel ; Radhesh Mohandas and Alwyn R. Pais

Affiliation: Information Security Research Lab, National Institute of Technology Karnataka, India

Keyword(s): Attacks on Web Services, XML Injection, XSS Injection, Schema Validation, Schema Hardening, Attachment Scanner, WS-Trust, WS-Security, Frankenstein Message.

Related Ontology Subjects/Areas/Topics: Data and Application Security and Privacy ; Enterprise Information Systems ; Formal Methods ; Information and Systems Security ; Information Systems Analysis and Specification ; Methodologies and Technologies ; Operational Research ; Security ; Security for Grid Computing ; Security in Information Systems ; Security Management ; Simulation and Modeling

Abstract: Web Services have become dependable platform for e-commerce and many B2B models. Extensive adaptation of Web Services has resulted in a bunch of standards such as WS-Security, WS-Trust etc. to support business and security requirements for the same. Majority of the web services are offered over Http with Simple Object Access Protocol (SOAP) as an underlying exchange infrastructure. This paper describes attacks targeted at Web Services such as XML injection, XSS injection, HTTP header manipulation, sending stale message and other protocol specific attacks. We have used XML Re-Writing mechanism to perform “timestamp modification attack” and WS-Trust, WS-SecureConversation protocols attack. Schemas stated in WSDL file may not be accurate enough to validate messages effectively; Schemas should reflect structure of all possible genuine requests. Hence, we have proposed a new self-adaptive schema hardening algorithm to obtain fine-tuned schema that can be used to validate SOAP messages mor e effectively. We have also proposed mitigation techniques to counter attacks using MIME/DIME attachments. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 13.59.234.182

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Patel, V.; Mohandas, R. and R. Pais, A. (2010). ATTACKS ON WEB SERVICES AND MITIGATION SCHEMES. In Proceedings of the International Conference on Security and Cryptography (ICETE 2010) - SECRYPT; ISBN 978-989-8425-18-8; ISSN 2184-3236, SciTePress, pages 499-504. DOI: 10.5220/0002960104990504

@conference{secrypt10,
author={Vipul Patel. and Radhesh Mohandas. and Alwyn {R. Pais}.},
title={ATTACKS ON WEB SERVICES AND MITIGATION SCHEMES},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2010) - SECRYPT},
year={2010},
pages={499-504},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002960104990504},
isbn={978-989-8425-18-8},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2010) - SECRYPT
TI - ATTACKS ON WEB SERVICES AND MITIGATION SCHEMES
SN - 978-989-8425-18-8
IS - 2184-3236
AU - Patel, V.
AU - Mohandas, R.
AU - R. Pais, A.
PY - 2010
SP - 499
EP - 504
DO - 10.5220/0002960104990504
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic