Attacks on web services and mitigation schemes
| dc.contributor.author | Patel, V. | |
| dc.contributor.author | Mohandas, R. | |
| dc.contributor.author | Pais, A.R. | |
| dc.date.accessioned | 2026-02-06T06:40:46Z | |
| dc.date.issued | 2010 | |
| dc.description.abstract | Web Services have become dependable platform for e-commerce and many B2B models. Extensive adaptation of Web Services has resulted in a bunch of standards such as WS-Security, WS-Trast etc. to support business and security requirements for the same. Majority of the web services are offered over Http with Simple Object Access Protocol (SOAP) as an underlying exchange infrastructure. This paper describes attacks targeted at Web Services such as XML injection, XSS injection, HTTP header manipulation, sending stale message and other protocol specific attacks. We have used XML Re-Writing mechanism to perform "timestamp modification attack" and WS-Trast, WS-SecureConversation protocols attack. Schemas stated in WSDL file may not be accurate enough to validate messages effectively; Schemas should reflect structure of all possible genuine requests. Hence, we have proposed a new self-adaptive schema hardening algorithm to obtain fine-tuned schema that can be used to validate SOAP messages more effectively. We have also proposed mitigation techniques to counter attacks using MIME/DIME attachments. | |
| dc.identifier.citation | SECRYPT 2010 - Proceedings of the International Conference on Security and Cryptography, 2010, Vol., , p. 499-504 | |
| dc.identifier.uri | https://doi.org/ | |
| dc.identifier.uri | https://idr.nitk.ac.in/handle/123456789/33134 | |
| dc.subject | Attachment scanner | |
| dc.subject | Attacks on web services | |
| dc.subject | Frankenstein message | |
| dc.subject | Schema hardening | |
| dc.subject | Schema validation | |
| dc.subject | WS-Security | |
| dc.subject | WS-Trust | |
| dc.subject | XML injection | |
| dc.subject | XSS injection | |
| dc.title | Attacks on web services and mitigation schemes |