Protecting ASP.NET Web Services

2008 ◽  
pp. 206-227
Author(s):  
Konstantin Beznosov

This chapter reports on our experience of designing and implementing an architecture for protecting enterprise-grade Web service applications hosted by ASP.NET. Security mechanisms of the Microsoft ASP.NET container—a popular hosting environment for Web services—have limited scalability, flexibility, and extensibility. They are therefore inadequate for hosting enterprise-scale applications that need to be protected according to diverse and/or complex application-specific security policies. To overcome the limitations of ASP.NET security, we developed a flexible and extensible protection architecture. Deployed in a real-world security solution at a financial organization, the architecture enables integration of ASP.NET into the organizational security infrastructure with reduced effort on the part of Web Service developers. Throughout this report, we discuss our design decisions, suggest best practices for constructing flexible and extensible authentication and authorization logic for Web Services, and share lessons learned.

2008 ◽  
pp. 318-344 ◽  
Author(s):  
Asif Akram ◽  
David Meredith

This chapter shows how the WSDL interface style (RPC / Document), strength of data typing and approach to data binding and validation have important implications on application security (and interoperability). This is because some (common) bad-practices and poor implementation choices can render a service vulnerable to the consequences of propagating loosely bound or poorly constrained data. The chosen Web service style and strength of data typing dictate how SOAP messages are constructed and serialized, and to what extent SOAP messages can be constrained and secured during validation. The chosen approach to binding and validation dictates how and where the SOAP-body and SOAP-header (which includes the security constructs) are handled in the application, and also determines the reliability of message parsing. The authors show how these Web service styles and implementation choices must be carefully considered and applied correctly by providing implementation examples and best practice recommendations.


2015 ◽  
Vol 24 (02) ◽  
pp. 1550004 ◽  
Author(s):  
Cristian Mateos ◽  
Marco Crasso ◽  
Alejandro Zunino ◽  
José Luis Ordiales Coscia

Web Services represent a number of standard technologies and methodologies that allow developers to build applications under the Service-Oriented Computing paradigm. Within these, the WSDL language is used for representing Web Service interfaces, while code-first remains the de facto standard for building such interfaces. Previous studies with contract-first Web Services have shown that avoiding a specific catalog of bad WSDL specification practices, or anti-patterns, can reward Web Service publishers as service understandability and discoverability are considerably improved. In this paper, we study a number of simple and well-known code service refactorings that early reduce anti-pattern occurrences in WSDL documents. This relationship relies upon a statistical correlation between common OO metrics taken on a service's code and the anti-pattern occurrences in the generated WSDL document. We quantify the effects of the refactorings — which directly modify OO metric values and indirectly alter anti-pattern occurrences — on service discovery. All in all, we show that by applying the studied refactorings, anti-patterns are reduced and Web Service discovery is significantly improved. For the experiments, a dataset of real-world Web Services and an academic service registry have been employed.


2015 ◽  
Vol 3 (3) ◽  
pp. 57-68 ◽  
Author(s):  
Hiroki Takatsuka ◽  
Sachio Saiki ◽  
Shinsuke Matsumoto ◽  
Masahide Namamura

Machine-to-Machine (M2M) systems and cloud services provide various kinds of data via distributed Web services. A context-aware service recognizes real-world contexts from such data and behaves autonomously. However, it has been challenging to manage contexts and services defined on the heterogeneous and distributed Web services. In this paper, the authors propose a framework, called RuCAS, which systematically creates and manages context-aware service using various Web services. RuCAS describes every context-aware service by an ECA (Event-Condition-Action) rule. For this, an event is a context triggering the service, a condition is a set of contexts to be satisfied for execution, and the action is a set of Web services to be executed by the service. Thus, every context-aware service is managed in a uniform manner. Since RuCAS is published as a Web service, created contexts and services are reusable. As a case study, RuCAS is applied to a real home network system.


Author(s):  
Hossain Shahriar ◽  
Victor Clincy ◽  
William Bond

Web services are being widely used for business integration. Understanding what these web services are and how they work is important. Attacks on these web services are a major concern and can expose an organization's valuable resources. This chapter performs a survey describing web service attacks. The authors provide a taxonomy of web service vulnerabilities and explain how they can be exploited. This chapter discusses some of the approaches that make up best practices and some that are in the development phase. They also discuss some common approaches to address the vulnerabilities. This chapter discusses some of the approaches to be used in planning and securing web services. Securing web services is a very important part of a cybersecurity plan.


2017 ◽  
Vol 2017 ◽  
pp. 1-8 ◽  
Author(s):  
Hao Tian ◽  
Peifeng Liang

With the rapid development and extensive application of Web services, various approaches for Web service recommendation have been proposed in the past. However, the traditional methods only utilize the information of the user-service rating matrix but ignore the trust relations between users, so their recommendation precision is often unsatisfactory, and, furthermore, most of these methods lack the ability to distinguish the credibility of recommendations. To address these problems, we propose a personalized service recommendation based on trust relationships. In particular, our approach takes into account user experience, interest background, recommendation effect, and evaluation tendency in the formalization of trust relationships, and moreover it can filter out useless or suspected services by exploiting trust relationships between users. To verify the proposed approach, we conducted experiments using a real-world Web services set. The experimental results show that our proposed approach leads to a substantial increase in the precision and the credibility of service recommendations.


2008 ◽  
pp. 22-49 ◽  
Author(s):  
Shrideep Pallickara ◽  
Geoffrey Fox ◽  
Mehmet Aktas ◽  
Harshawardhan Gadgil ◽  
Beytullah Yildiz ◽  
...  

In this chapter we present a discussion on our experiences with the development of Web Service specifications. Web Services, and the Service Oriented Architecture model engendered therein, have gained significant traction in recent years with deployments in ever increasing domains. In this chapter we describe our experiences with several Web Service specifications. In general lessons learnt, and design decisions made, during these implementations would be applicable to several other specifications. The authors hope that their insights and experiences with the development of Web Service specifications would be beneficial to other researchers in this area in formulating a strategy for the development of systems based on Web Services.


2012 ◽  
Vol 9 (2) ◽  
pp. 943-960
Author(s):  
Mirjana Devedzic ◽  
Vladan Devedzic ◽  
Sonja Radenkovic

The paper promotes the use of novel Web services in the daily work and research of social scientists and other professionals. The case presented in the paper pertains to demographers and their research, but the technology used is generic and can be easily instantiated for use by other social science researchers. Specifically, the case covers facilitating collaboration between a university research group in the field of demography and professionals in the field of demographic statistics. The technology used is a set of new Web services developed as parts of an EU research project. The paper explains the case itself and the motivation for using the services, describes the services themselves, and discusses the experience acquired and the benefits and lessons learned by using the services so far.


Author(s):  
Nuno Antunes ◽  
Marco Vieira

Although web services are becoming business-critical components, they are often deployed with software bugs that can be maliciously exploited. Numerous developers are not specialized in security, and the common time-to-market constraints limit in-depth testing for vulnerabilities. In this context, vulnerability detection tools have a very important role in helping developers to produce less vulnerable code. However, developers usually select a tool to use and rely on its results without knowing its real effectiveness. This chapter presents two case studies on the effectiveness of several well-known vulnerability detection tools and discusses their strengths and limitations. Based on lessons learned, the chapter also proposes a benchmarking technique that can be used to select the tool that best fits a specific scenario. The main goal is to provide web service developers with information on how much they can rely on widely used vulnerability detection tools and on how to select the most adequate tool.


2018 ◽  
Vol 12 (3) ◽  
pp. 175 ◽  
Author(s):  
Festim Halili ◽  
Erenis Ramadani

The interest in Web services has been growing rapidly in the years since they came into use. A web service can be described as a method for exchanging/communicating information between devices over a network. Often, when deciding which service would fit the architecture design to develop a product, the question arises: which service to use, and when? SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) are the two most used protocols to exchange messages, so choosing one over the other has its own advantages and disadvantages. In this paper we have addressed the differences and best practices on when to use one over the other.


Author(s):  
Mustapha Mohammed Baua'a

I/O file system Read/Write operations are considered the most significant characteristics, and many researchers focus their work on how to decrease the response time of I/O file system read/write operations. However, most articles concentrate on how to read/write the content of the file in a parallel manner. In this paper, the author considers parallelizing the Read/Write of whole file bytes, not only its contents. A case study has been applied in order to make the idea clearer. It describes two techniques for uploading/downloading files via Web Service. The first one is the traditional way, where the files are uploaded and downloaded serially. In the second one, files are uploaded/downloaded using Java threads in order to simulate the parallelism technique. Java NetBeans 8.0.2 has been used as the programming environment to implement the Download/Upload of files through Web Services. Validation results are also presented using the Matlab platform as a benchmark. The visualized figures of the validation results clearly show that the second technique has better response time in comparison to the traditional way.

