Proposal and development of the Web services input validation model

Author

Brinhosa, Rafael Bosse ; Westphall, Carla Merkle ; Westphall, Carlos Becker

Author_Institution

Dept. of Inf. & Stat., Fed. Univ. of Catarina, Florianópolis, Brazil

fYear

2012

fDate

16-20 April 2012

Firstpage

643

Lastpage

646

Abstract

The SOA architecture primarily based on Web services is experiencing a steady adoption, although its growth was lower than expected when it was launched, mainly because of security related concerns. Web services inherited many well-known security problems of Web applications and brought new ones. Major data breaches today are consequences of bad input validation at the application level. This paper presents a way to implement an input validation model for Web services which can be used to prevent cross-site scripting and SQL injection through the use of predefined models which specify valid inputs. The proposed WSIVM (Web Services Input Validation Model) consists of an XML schema, an XML specification, and a module for performing input validation according to the schema. A case study showing the effectiveness and performance of this mechanism is also presented.

Keywords

Web services; XML; formal specification; security of data; service-oriented architecture; SOA architecture; SQL injection; WSIVM; Web applications; Web services input validation model; XML schema; XML specification; cross-site scripting; security problems; Security; Service oriented architecture; Simple object access protocol; Standards; XML; SOA; Web service; input validation; security;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Operations and Management Symposium (NOMS), 2012 IEEE

Conference_Location

Maui, HI

ISSN

1542-1201

Print_ISBN

978-1-4673-0267-8

Electronic_ISBN

1542-1201

Type

conf

DOI

10.1109/NOMS.2012.6211976

Filename

6211976