A Systematic Mapping Study on Web services Security Threats, Vulnerabilities, and Countermeasures
Keywords:
Web Services Security, Systematic Mapping Study, SOAP Message, Attacks, VulnerabilityAbstract
Web Services (WS) Technology during the past few years for heterogeneous systems integration, has become the reference architecture for those systems. Since it is extremely important nowadays for companies to make applications communicate over the internet, they are vulnerable to attacks in multiple forms. These attacks include SQL injection, XML injections, denial of service, XSS attacks, XPath, and spoofing, which makes implementing web service security critical to secure valuable data stored on computers and servers during data exchange operations over a network. Although web services provide many suggestions as solutions to reduce attacks and provide an element of security, there is no single solution to mitigate all attacks on it. This paper aims to present a Systematic Mapping Study (SMS) on web service security attack and suggested solutions to protect against them. There is still much research conduct in the field of web services security, which are dealing with the types of attacks and how to detect and limit them. SQL injection and a denial-of-service attack were found to be the most addressed of all attacks followed directly by XML injection. Proposed solutions for dealing with attacks were mainly focused on detection procedures for attacks using techniques such as XACML, SAML, and SOAP Enhancement.
