In the wild: A large scale study of web services vulnerabilities

Sushama Karumanchi; Anna Cinzia Squicciarini

doi:10.1145/2554850.2555010

In the wild: A large scale study of web services vulnerabilities

Sushama Karumanchi, Anna Cinzia Squicciarini

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerability according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.

Original language	English (US)
Title of host publication	Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014
Publisher	Association for Computing Machinery
Pages	1239-1246
Number of pages	8
ISBN (Print)	9781450324694
DOIs	https://doi.org/10.1145/2554850.2555010
State	Published - 2014
Event	29th Annual ACM Symposium on Applied Computing, SAC 2014 - Gyeongju, Korea, Republic of Duration: Mar 24 2014 → Mar 28 2014

Publication series

Name	Proceedings of the ACM Symposium on Applied Computing

Other

Other	29th Annual ACM Symposium on Applied Computing, SAC 2014
Country/Territory	Korea, Republic of
City	Gyeongju
Period	3/24/14 → 3/28/14

All Science Journal Classification (ASJC) codes

Software

Access to Document

10.1145/2554850.2555010

Cite this

@inproceedings{569413f0f765471e8d0b2684ad0e13e7,

title = "In the wild: A large scale study of web services vulnerabilities",

abstract = "The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerability according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.",

author = "Sushama Karumanchi and Squicciarini, {Anna Cinzia}",

year = "2014",

doi = "10.1145/2554850.2555010",

language = "English (US)",

isbn = "9781450324694",

series = "Proceedings of the ACM Symposium on Applied Computing",

publisher = "Association for Computing Machinery",

pages = "1239--1246",

booktitle = "Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014",

}

Karumanchi, S & Squicciarini, AC 2014, In the wild: A large scale study of web services vulnerabilities. in Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014. Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, pp. 1239-1246, 29th Annual ACM Symposium on Applied Computing, SAC 2014, Gyeongju, Korea, Republic of, 3/24/14. https://doi.org/10.1145/2554850.2555010

In the wild: A large scale study of web services vulnerabilities. / Karumanchi, Sushama; Squicciarini, Anna Cinzia.
Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014. Association for Computing Machinery, 2014. p. 1239-1246 (Proceedings of the ACM Symposium on Applied Computing).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - In the wild

T2 - 29th Annual ACM Symposium on Applied Computing, SAC 2014

AU - Karumanchi, Sushama

AU - Squicciarini, Anna Cinzia

PY - 2014

Y1 - 2014

N2 - The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerability according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.

AB - The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerability according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.

UR - http://www.scopus.com/inward/record.url?scp=84905667073&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84905667073&partnerID=8YFLogxK

U2 - 10.1145/2554850.2555010

DO - 10.1145/2554850.2555010

M3 - Conference contribution

AN - SCOPUS:84905667073

SN - 9781450324694

T3 - Proceedings of the ACM Symposium on Applied Computing

SP - 1239

EP - 1246

BT - Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014

PB - Association for Computing Machinery

Y2 - 24 March 2014 through 28 March 2014

ER -

In the wild: A large scale study of web services vulnerabilities

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this