Communications of the IIMA


In recent years, Representational State Transfer (REST)-based Web Services have become popular for building Web systems. They have become an integral and critical part of information systems, facilitating and integrating business processes across the enterprise. However, the simplicity of REST-based implementations has led to the neglect of systematic security threat analysis and design for them. One issue with systems built on REST service integration is their susceptibility to JSON input attacks. Such attacks could compromise the integrity of critical data in enterprise business processes. We analyze this security issue in this paper. Some mechanisms used to secure Web sites and servers, such as encryption via HTTPS, static source code analysis, and input validation, can be integrated to defend against the attack.