A Validation Model of Data Input for Web Services

Bosse Brinhosa, Rafael; Merkle Westphall, Carla; Becker Westphall, Carlos; Ricardo dos Santos, Daniel; Grezele, Fabio

Home // ICN 2013, The Twelfth International Conference on Networks // View article

A Validation Model of Data Input for Web Services

Authors:
Rafael Bosse Brinhosa
Carla Merkle Westphall
Carlos Becker Westphall
Daniel Ricardo dos Santos
Fabio Grezele

Keywords: Security; Web service; input validation; SOA

Abstract:
Web services inherited many well-known security problems of Web applications and brought new ones. Major data breaches today are consequences of bad input validation at the application level. This paper presents a way to implement an input validation model for Web services which can be used to prevent cross-site scripting and SQL injection through the use of predefined models which specify valid inputs. The proposed WSIVM (Web Services Input Validation Model) consists of an XML schema, an XML specification, and a module for performing input validation according to the schema. A case study showing the effectiveness and performance of this mechanism is also presented.

Pages: 87 to 94

Copyright: Copyright (c) IARIA, 2013

Publication date: January 27, 2013

Published in: conference

ISSN: 2308-4413

ISBN: 978-1-61208-245-5

Location: Seville, Spain

Dates: from January 27, 2013 to February 1, 2013