A Large Scale Study of Web Service Vulnerabilities

Sushama Karumanchi+ and Anna Squicciarini

Pennsylvania State University, USA
{sik5273, asquicciarini}@ist.psu.edu

Abstract

The pervasiveness of Web Services, compounded with their seamless interoperability characteristics, introduces security concerns that must be carefully considered in the envisioned internet architecture. In this paper, we propose a comprehensive study of Web Service vulnerabilities. We consider not only well-known Web-based vulnerabilities such as SQL injection, session replay, etc., but we also analyze Web-Service-specific vulnerabilities and their potential for attacks due to poor service construction and lack of service maintenance. In our analysis, we classify each of the studied vulnerabilities according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large-scale study involving over 2,000 real-world Web Services. Finally, we leverage our empirical findings by introducing a proxy-based solution that shields services and clients from any possible attacks.

Keywords: Web Service Vulnerabilities, Web Service Security, Web Service Selection, Vulnerability Taxonomy, Classification

+ Corresponding author: Sushama Karumanchi, Room 327, IST Building, Pennsylvania State University, University Park, Pennsylvania 16802, USA

Journal of Internet Services and Information Security (JISIS), 5(1): 53-69, February 2015