In the wild: A large scale study of web services vulnerabilities

Sushama Karumanchi, Anna Squicciarini

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well-known Web-based vulnerabilities such as SQL injection, session replay, etc., but we also analyze Web-Service-specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerabilities according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.

Original language: English (US)
Title of host publication: Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014
Publisher: Association for Computing Machinery
Pages: 1239-1246
Number of pages: 8
ISBN (Print): 9781450324694
DOIs: https://doi.org/10.1145/2554850.2555010
State: Published - Jan 1 2014
Event: 29th Annual ACM Symposium on Applied Computing, SAC 2014 - Gyeongju, Korea, Republic of
Duration: Mar 24 2014 to Mar 28 2014

Other

Other: 29th Annual ACM Symposium on Applied Computing, SAC 2014
Country: Korea, Republic of
City: Gyeongju
Period: 3/24/14 to 3/28/14

Fingerprint

Web services
Taxonomies
Interoperability
Internet

All Science Journal Classification (ASJC) codes

  • Software

Cite this

Karumanchi, S., & Squicciarini, A. (2014). In the wild: A large scale study of web services vulnerabilities. In Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014 (pp. 1239-1246). Association for Computing Machinery. https://doi.org/10.1145/2554850.2555010