Web Services Security in E-Business

2009 ◽  
pp. 2115-2130
Author(s):  
Wei-Chuen Yau ◽  
G. S. V. Radha Krishna Rao

Web services enable the communication of application-to-application in a heterogeneous network and computing environment. The powerful functionality of Web services has given benefits to enterprise companies, such as rapid integration between heterogeneous e-business systems, easy implementation of e-business systems, and reusability of e-business services. While providing the flexibility for e-business, Web services tend to be vulnerable to a number of attacks. Core components of Web services such as simple object access protocol (SOAP), Web services description language (WSDL), and universal description, discovery, and integration (UDDI) can be exploited by malicious attacks due to lack of proper security protections. These attacks will increase the risk of e-business that employs Web services. This chapter aims to provide a state-of-the-art view of Web services attacks and countermeasures. We examine various vulnerabilities in Web services, followed by an analysis of the respective attacking methods. We also discuss preventive countermeasures against such attacks to protect Web services deployments in e-business. Finally, we address future trends in this research area.

Author(s):  
Wei-Chuen Yau ◽  
G. S. V. Radha Krishna Rao

Web services enable the communication of application-to-application in a heterogeneous network and computing environment. The powerful functionality of Web services has given benefits to enterprise companies, such as rapid integration between heterogeneous e-business systems, easy implementation of e-business systems, and reusability of e-business services. While providing the flexibility for e-business, Web services tend to be vulnerable to a number of attacks. Core components of Web services such as simple object access protocol (SOAP), Web services description language (WSDL), and universal description, discovery, and integration (UDDI) can be exploited by malicious attacks due to lack of proper security protections. These attacks will increase the risk of e-business that employs Web services. This chapter aims to provide a state-of-the-art view of Web services attacks and countermeasures. We examine various vulnerabilities in Web services, followed by an analysis of the respective attacking methods. We also discuss preventive countermeasures against such attacks to protect Web services deployments in e-business. Finally, we address future trends in this research area.


2011 ◽  
pp. 952-968
Author(s):  
Wei-Chuen Yau ◽  
G. S. V. Radha Krishna Rao

Web services enable the communication of application-to-application in a heterogeneous network and computing environment. The powerful functionality of Web services has given benefits to enterprise companies, such as rapid integration between heterogeneous e-business systems, easy implementation of e-business systems, and reusability of e-business services. While providing the flexibility for e-business, Web services tend to be vulnerable to a number of attacks. Core components of Web services such as simple object access protocol (SOAP), Web services description language (WSDL), and universal description, discovery, and integration (UDDI) can be exploited by malicious attacks due to lack of proper security protections. These attacks will increase the risk of e-business that employs Web services. This chapter aims to provide a state-of-the-art view of Web services attacks and countermeasures. We examine various vulnerabilities in Web services, followed by an analysis of the respective attacking methods. We also discuss preventive countermeasures against such attacks to protect Web services deployments in e-business. Finally, we address future trends in this research area.


Author(s):  
Manuel Mogollon

A service is an application offered by an organization that can be accessed through a programmable interface. Web services allow computers running on different operating platforms to access and share each other’s databases by using open standards, such as extensible markup language (XML) and simple object access protocol (SOAP). In this chapter, the following Web services mechanisms are discussed: (1) XML encryption, XML signature, and XML key management specification (XKMS); (2) security assertion markup language (SAML); and (3) Web services security (WS-security).


2008 ◽  
pp. 1-21
Author(s):  
Srinivas Padmanabhuni ◽  
Hemant Adarkar

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security requirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.


Author(s):  
Srinivas Padmanabhuni ◽  
Hemant Adarkar

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security requirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.


2014 ◽  
Vol 1 (1) ◽  
pp. 9-34
Author(s):  
Bobby Suryajaya

SKK Migas plans to apply end-to-end security based on Web Services Security (WS-Security) for Sistem Operasi Terpadu (SOT). However, there are no prototype or simulation results that can support the plan that has already been communicated to many parties. This paper proposes an experiment that performs PRODML data transfer using WS-Security by altering the WSDL to include encryption and digital signature. The experiment utilizes SoapUI, and successfully loaded PRODML WSDL that had been altered with WSP-Policy based on X.509 to transfer a SOAP message.

