TY - GEN
T1 - In the wild
T2 - 29th Annual ACM Symposium on Applied Computing, SAC 2014
AU - Karumanchi, Sushama
AU - Squicciarini, Anna Cinzia
N1 - Copyright:
Copyright 2014 Elsevier B.V., All rights reserved.
PY - 2014
Y1 - 2014
N2 - The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well-known Web-based vulnerabilities such as SQL injection, session replay, etc., but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerabilities according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large-scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.
AB - The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well-known Web-based vulnerabilities such as SQL injection, session replay, etc., but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerabilities according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large-scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.
UR - http://www.scopus.com/inward/record.url?scp=84905667073&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84905667073&partnerID=8YFLogxK
U2 - 10.1145/2554850.2555010
DO - 10.1145/2554850.2555010
M3 - Conference contribution
AN - SCOPUS:84905667073
SN - 9781450324694
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 1239
EP - 1246
BT - Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014
PB - Association for Computing Machinery
Y2 - 24 March 2014 through 28 March 2014
ER -