Title :
A Security Framework for Input Validation
Author :
Brinhosa, Rafael Bosse ; Westphall, Carlos Becker ; Westphall, C.M.
Author_Institution :
Technol. Center, Postgraduate Program in Comput. Sci., Fed. Univ. of Santa Catarina, Santa Catarina
Abstract :
Input manipulation attacks are becoming one of the most common attacks against Web applications and Web services security. As the use of firewalls and other security mechanisms is not effective against application-level attacks, new means of defense are needed. This paper presents a framework proposal to solve this problem, securing applications against input manipulation attacks. The proposed mechanism offers a reusable approach by the use of XML files and an XML Schema for security parameters specification. Furthermore, a case study and experiment results are presented. The experiment demonstrates how common input manipulation flaws could be observed.
Keywords :
Web services; XML; security of data; Web application security; Web service security; XML schema; application-level attacks; input manipulation attacks; input validation; security framework; security parameter specification; Application software; Computer network management; Computer security; Conference management; Databases; Information security; Technology management; Testing; Web services; XML; Input Manipulation; Input Validation; Security; Web Applications; Web Services;
Conference_Title :
Emerging Security Information, Systems and Technologies, 2008. SECURWARE '08. Second International Conference on
Conference_Location :
Cap Esterel
Print_ISBN :
978-0-7695-3329-2
Electronic_ISBN :
978-0-7695-3329-2
DOI :
10.1109/SECURWARE.2008.67