Venue: 2013 IEEE International Conference on Technologies for Homeland Security

Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities in financial services


Abstract

Service oriented architecture is fast becoming the ubiquitous enterprise software architecture standard in the public and private sectors alike. A study of the literature and of current attacks suggests that, with the proliferation of Web APIs and RESTful services, the attack vectors prioritized by the OWASP Top 10, including but not limited to cross-site scripting (XSS), cross-site request forgery (CSRF), injection, direct object reference, and broken authentication and session management, now equally apply to web services. In addition, service oriented architecture relies heavily on XML/RESTful web services, which are vulnerable to XML Signature Wrapping Attack, Oversize Payload, Coercive Parsing, SOAP Action Spoofing, XML Injection, WSDL Scanning, Metadata Spoofing, Oversized Cryptography, BPEL State Deviation, Instantiation Flooding, Indirect Flooding, WS-Addressing Spoofing and Middleware Hijacking, to name a few. In this paper, we review various such security issues pertaining to service oriented architecture. These and similar techniques have been employed by Anonymous and other hacktivists, resulting in denial of service attacks on financial applications. While discussing the national security perils of hacktivism, there is an excessive focus on network layer security, and the application layer perspective is not always part of the discussion. In this research, we provide background information and a rationale for securing application layer vulnerabilities to facilitate a true defense-in-depth approach to cyber security.
