"Defense Against REST-based Web Service Attacks for Enterprise Systems" by Hsun-Ming Lee and Mayur R. Mehta

Home > CIIMA > Vol. 13 (2013) > Iss. 1

Communications of the IIMA

Article Title

Defense Against REST-based Web Service Attacks for Enterprise Systems

Authors

Hsun-Ming Lee, Texas State University
Mayur R. Mehta, Texas State University

Abstract

In recent years, Representational State Transfer or REST-based Web Services have become popular for building Web systems. They have become an integral and critical part of information systems to facilitate and integrate the business processes across the enterprise. However, the simplicity of a REST-based implementation has caused the neglect of its systematic security threat analysis and design. One of the issues of systems built with REST services integration is their susceptibility to JSON input attacks. Such attacks could compromise the integrity of critical data in enterprise business processes. We analyze such a security issue in this paper. Some mechanisms used to secure Web sites and servers, such as encryption via HTTPS, static source code analysis, and input validation, can be integrated to defend against the attack.

Recommended Citation

Lee, Hsun-Ming and Mehta, Mayur R. (2013) "Defense Against REST-based Web Service Attacks for Enterprise Systems," Communications of the IIMA: Vol. 13: Iss. 1, Article 5.
DOI: https://doi.org/10.58729/1941-6687.1207
Available at: https://scholarworks.lib.csusb.edu/ciima/vol13/iss1/5

Download

COinS