A survey of attacks on web services: Classification and countermeasures

Cited by: 63
Authors
Jensen, Meiko [1]
Gruschka, Nils [2]
Herkenhoener, Ralph [3]
Affiliations
[1] Ruhr Univ Bochum, Horst Gortz Inst IT Secur, Universitatsstr 150,IC4-150, D-44780 Bochum, Germany
[2] NEC Europe Ltd, IT Res Div, NEC Labs Europe, St Augustin, Germany
[3] Univ Passau, Inst IT Secur & Secur Law, Passau, Germany
Source
COMPUTER SCIENCE-RESEARCH AND DEVELOPMENT | 2009 / Vol. 24 / Issue 04
Keywords
Web Services; Security; Attacks; Denial of Service; Flooding Attacks; XML; WS-Security;
DOI
10.1007/s00450-009-0092-6
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Being regarded as the new paradigm for Internet communication, Web Services have introduced a large number of new standards and technologies. Though founding on decades of networking experience, Web Services are not more resistant to security attacks than other open network systems. Quite the opposite is true: Web Services are exposed to attacks well-known from common Internet protocols and additionally to new kinds of attacks targeting Web Services in particular. Along with their severe impact, most of these attacks can be performed with minimum effort from the attacker's side. This article gives a survey of vulnerabilities in the context of Web Services. As a proof of the practical relevance of the threats, exemplary attacks on widespread Web Service implementations were performed. Further, general countermeasures for prevention and mitigation of such attacks are discussed.
Pages: 185 / 197
Number of pages: 13