Keywords: Web Service Vulnerabilities, Web service Security, Web service selection, Vulnerability Taxonomy, Classification
The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces
security concerns that are to be carefully considered with the envisioned internet architecture.
In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider
not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we
also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service
construction and lack of service maintenance. In our analysis, we classify each of the studied vulnerability
according to a new taxonomy, discuss remedies and impact, and propose methods of detection
based on real-time analysis. Our analysis is supported by the results of a large scale study involving
over 2,000 real-world Web Services. Finally, we leverage our empirical finding by introducing a
proxy-based solution that shields services and clients from any possible attacks.