Model-based system architecture for preventing XPath injection in database-centric web services environment
Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deploye...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
IEEE
2012
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/47685/2/Model-based%20system%20architecture%20for%20preventing%20XPath%20injection%20in%20database-centric%20web%20services%20environment.pdf http://psasir.upm.edu.my/id/eprint/47685/ http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6530409&queryText=universiti%20putra%20malaysia&pageNumber=3&newsearch=true |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| Summary: | Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deployed with security flaws and these vulnerabilities make them exposed to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the backend of web services. This paper proposes a system architecture for prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs the model-based approach to detect malicious queries and prevent them before they are executed on the web services backend database. This approach uses runtime monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. |
|---|