An Empirical Study of Security Threats and Countermeasures in Web Services-Based Services Oriented Architectures
As enterprises deploy Services Oriented Architecture (SOA), Web Services Security and Management has become the cornerstone of successful architectures. The greatest potential of Web Services lies in re-usability and flexibility. This required flexibility in turn leads to significant security and management challenges. Enterprises migrating to SOA face security challenges such as malicious and malformed SOAP messages, parser vulnerabilities, and Denial of Service attacks over Web Services. Discovering Web Service vulnerabilities and compliance violations, and establishing countermeasure policies for Web Services security threats across large enterprises, need to be addressed through standards-based products. This paper explores typical Web Services implementations, threat identification methods, and countermeasures against Web Services vulnerabilities.