In the wild: A large scale study of web services vulnerabilities

Sushama Karumanchi, Anna Cinzia Squicciarini

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerability according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.

Original languageEnglish (US)
Title of host publicationProceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014
PublisherAssociation for Computing Machinery
Pages1239-1246
Number of pages8
ISBN (Print)9781450324694
DOIs
StatePublished - Jan 1 2014
Event29th Annual ACM Symposium on Applied Computing, SAC 2014 - Gyeongju, Korea, Republic of
Duration: Mar 24 2014Mar 28 2014

Publication series

NameProceedings of the ACM Symposium on Applied Computing

Other

Other29th Annual ACM Symposium on Applied Computing, SAC 2014
CountryKorea, Republic of
CityGyeongju
Period3/24/143/28/14

All Science Journal Classification (ASJC) codes

  • Software

Fingerprint Dive into the research topics of 'In the wild: A large scale study of web services vulnerabilities'. Together they form a unique fingerprint.

  • Cite this

    Karumanchi, S., & Squicciarini, A. C. (2014). In the wild: A large scale study of web services vulnerabilities. In Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014 (pp. 1239-1246). (Proceedings of the ACM Symposium on Applied Computing). Association for Computing Machinery. https://doi.org/10.1145/2554850.2555010