A Security Framework for Input Validation

Author

Brinhosa, Rafael Bosse ; Westphall, Carlos Becker ; Westphall, C.M.

Author_Institution

Technol. Center, Postgraduate Program in Comput. Sci., Fed. Univ. of Santa Catarina, Santa Catarina

fYear

2008

fDate

25-31 Aug. 2008

Firstpage

88

Lastpage

92

Abstract

Input manipulation attacks are becoming one of the most common attacks against Web applications and Web services security. As the use of firewalls and other security mechanisms are not effective against application-level attacks, new means of defense are needed. This paper presents a framework proposal to solve this problem, securing applications against input manipulation attacks. The proposed mechanism offers a reusable approach by the use of XML files and a XML Schema for security parameters specification. Furthermore, a case of study and experiment results are presented. The experiment demonstrates how common input manipulation flaws could be observed.

Keywords

Web services; XML; security of data; Web application security; Web service security; XML schema; application-level attacks; input manipulation attacks; input validation; security framework; security parameter specification; Application software; Computer network management; Computer security; Conference management; Databases; Information security; Technology management; Testing; Web services; XML; Input Manipulation; Input Validation; Security; Web Applications; Web Services;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Security Information, Systems and Technologies, 2008. SECURWARE '08. Second International Conference on

Conference_Location

Cap Esterel

Print_ISBN

978-0-7695-3329-2

Electronic_ISBN

978-0-7695-3329-2

Type

conf

DOI

10.1109/SECURWARE.2008.67

Filename

4622566