Protection against denial of service and input manipulation vulnerabilities in service oriented architecture

Abstract

Organizations are increasingly adopting Service Oriented Architecture (SOA) to build their distributed applications. SOA is a computing paradigm, emphasizing dynamic service discovery composition and interoperability. Web services are a technology that can be used to implement SOA and are increasingly becoming the SOA implementation of choice. Because a Web service relies on some of the same underlying HTTP and Web-based architecture as common Web applications, it is susceptible to similar threats and vulnerabilities. There are many vulnerabilities in web services such as SQL injection, Denial of Service, etc. that cannot be detected by web service standards and conventional firewalls. In this paper, we present a detailed design of XML firewall that can be used to prevent different vulnerabilities by validating the input xml documents before being processed by the web services. Also the XML firewall does the function of authentication, authorization and session management. We designed a modular architecture for XML firewall where each module checks for a particular vulnerability. We have also developed methods to detect and prevent SQL injection and Denial of Service vulnerabilities. © 2011 Springer-Verlag.