Detecting SQL Injection Vulnerabilities in Web Services

2009 ◽  
Author(s):  
Nuno Antunes ◽  
Marco Vieira
Keyword(s):  
Web Services ◽  
Sql Injection

scholarly journals Enhancement of Web Security Against External Attack

2017 ◽  
Vol 13 (15) ◽  
pp. 228
Author(s):  
Md. Fazlul Haque ◽  
Mohammad Badrul Alam Miah ◽  
Fuyad Al Masud
Keyword(s):  
Web Services ◽  
Web Application ◽  
Real Life ◽  
Web Security ◽  
Vital Role ◽  
Security Vulnerabilities ◽  
Sql Injection ◽  
Web Based ◽  
Security Issues ◽  
Proposed Model

The security of web-based services is currently playing a vital role for the software industry. In recent years, many technologies and standards have emerged in order to handle the security issues related to web services. This paper shows techniques to enhance the security of web services, and some of the recent challenges and recommendations of a proposed model to secure web services. It shows the security process of a real life web application, which includes; HTML5 forms, login security, and a single signon solution. This paper also aim to discuss the ten (10) most common web security vulnerabilities and how to prevent the web application from three (3) of the vulnerabilities. Amongst them are; SQL Injection, Cross Site Scripting and Broken Authentication, and Session Management.

scholarly journals Analysis of Vulnerability Detection Tool for Web Services

2018 ◽  
Vol 7 (3.12) ◽  
pp. 773
Author(s):  
Senthamil Preethi K ◽  
Murugan A
Keyword(s):  
Web Services ◽  
False Positive Rate ◽  
Vulnerability Detection ◽  
Sql Injection ◽  
Detection Tool ◽  
Positive Rate ◽  
Application Requirements ◽  
Low Coverage ◽  
Day By Day ◽  
The Web

The demand of the web services requirement is increasing day by day, because of this the security of the web services was under risk. To prevent from distinct types of attacks the developer needs to select the vulnerability detection tools, since many tools are available in the market the major challenging task for the developer to find the best tool which suitable for his application requirements. The recent study shows that many vulnerability detection tools provide a low coverage as far as vulnerability detection and higher false positive rate. In this paper, proposed a benchmarking method to accessing and comparing the efficiency of vulnerability detection tools in the web service environment. This method was used to illustrate the two benchmarks for SQL injection and cross site scripting. The first one is depending on predefined set of web services and next one permits user to identify the workload (User defined web services). Proposed system used the open source and commercial tools to test the application with benchmarking standards. Result shows that the benchmarks perfectly depict the efficiency of vulnerability detection tools. 

WS-Security on PRODML

2014 ◽  
Vol 1 (1) ◽  
pp. 9-34
Author(s):  
Bobby Suryajaya
Keyword(s):  
Web Services ◽  
Digital Signature ◽  
Data Transfer ◽  
Web Services Security ◽  
Soap Message ◽  
Simulation Results ◽  
End To End

SKK Migas plans to apply end-to-end security based on Web Services Security (WS-Security) for Sistem Operasi Terpadu (SOT). However, there are no prototype or simulation results that can support the plan that has already been communicated to many parties. This paper proposes an experiment that performs PRODML data transfer using WS-Security by altering the WSDL to include encryption and digital signature. The experiment utilizes SoapUI, and successfully loaded PRODML WSDL that had been altered with WSP-Policy based on X.509 to transfer a SOAP message.

A Design of a Network Model to the Electric Power Trading System Using Web Services

2004 ◽  
Vol 124 (1) ◽  
pp. 176-181
Author(s):  
Tomoaki Maruo ◽  
Keinosuke Matsumoto ◽  
Naoki Mori ◽  
Masashi Kitayama ◽  
Yoshio Izumi
Keyword(s):  
Web Services ◽  
Electric Power ◽  
Network Model ◽  
Trading System ◽  
Power Trading
Sign in / Sign up

Export Citation Format

Share Document