API based security solutions for communication among web services

The popularity of web services has largely influenced the way in which enterprise business is conducted. Since web services enable easy accessibility of data, dynamic connections, and relatively less human interventions, ensuring confidentiality and integrity of data that is transmitted via web services protocols becomes more significant. If a single service does not fulfill the service consumer requirements, it is necessary to compose several web services, which together satisfy the user requirements. Security attacks occur on SOAP messages that are communicated among web services while accessing a service or during service composition. Most of the existing works on web services security have provided solutions only for ensuring client authentication, confidentiality, and integrity of information in network layer and not in application layer. WS-Security and XML based web service security also provides message layer security in network layer and not in application layer. Hence, a novel approach that prevents the message alteration attack on SOAP messages and a security solution that detects and overcomes XML injection attack have been proposed in this paper. Our approach uses pluggable APIs in the service provider side and security services in the middleware side. The attacks were simulated and non-vulnerability of the proposed solutions to these attacks have been verified.