Some security issues for web based frameworks

Roberts-Morpeth, P.; Ellman, Jeremy

doi:10.1109/csndsp16145.2010.5580329

Cited by 3 publications

(1 citation statement)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Only secure Web services can guarantee the safety of diversified Web applications. However, at present, SQL (Structured Query Language) injection, cross-site scripting, and other Web service attacks are still constantly emerging because of various security holes [1]. Most communications between applications based on Web services require the trust of their partners, which reduces the wide spread of Web services [2].…”

Section: Introductionmentioning

confidence: 99%

An improved security framework for Web service-based resources

Jiang¹,

Xu²,

Dong³

et al. 2016

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

Web service-based application has become one of the dominative ones of the Internet. This trend brings more and more security challenges in reliability, confidentiality, and data nonrepudiation, especially in some systems that have massive diversified resources. An improved framework for secure accesses of Web resources is presented and implemented by extending and enhancing the Spring Security framework. It improves the security level of systems for identity authentication, authorized access, and secure transmission. The highly safe authentication is based on the integration of an improved authentication module of Spring Security with a U-key method and a RSA algorithm. For authorized access, the Spring Security's ACL (access control list) mechanism is improved by optimizing the domain object-level access control. For secure transmission, a compromising method is presented to take both the security level and the speed of data transmission into account by means of mixing the RSA and DES algorithms. In addition, the security interceptor of Spring Security is extended and a series of security filters are added to keep Web attacks away. The above improved security framework has been applied to an online virtual experiment platform named VeePalms. The experimental results show that most security problems with high severity in the system have been solved and medium-low severe problems decreased dramatically. Moreover, VeePalms has been used in practice for about 2 years, which has proved the effectiveness of the security framework.

show abstract

Section: Introductionmentioning

confidence: 99%