Protecting Database Centric Web Services against SQL/XPath Injection Attacks

Capítulo de livro Revisado por pares

Protecting Database Centric Web Services against SQL/XPath Injection Attacks

2009; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-03573-9_22

ISSN

1611-3349

Autores

Nuno Laranjeiro, Marco Vieira, Henrique Madeira,

Tópico(s)

Network Security and Intrusion Detection

Resumo

Web services represent a powerful interface for back-end database systems and are increasingly being used in business critical applications. However, field studies show that a large number of web services are deployed with security flaws (e.g., having SQL Injection vulnerabilities). Although several techniques for the identification of security vulnerabilities have been proposed, developing non-vulnerable web services is still a difficult task. In fact, security-related concerns are hard to apply as they involve adding complexity to already complex code. This paper proposes an approach to secure web services against SQL and XPath Injection attacks, by transparently detecting and aborting service invocations that try to take advantage of potential vulnerabilities. Our mechanism was applied to secure several web services specified by the TPC-App benchmark, showing to be 100% effective in stopping attacks, non-intrusive and very easy to use.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Protecting Database Centric Web Services against SQL/XPath Injection Attacks