On Interoperability Failures in WS-Security: The XML Signature Wrapping Attack

Nils Gruschka, Meiko Jensen, Florian Kohlar, Lijun Liao
ISBN13: 9781609604851|ISBN10: 1609604857|EISBN13: 9781609604868
DOI: 10.4018/978-1-60960-485-1.ch025
Cite Chapter

MLA

Gruschka, Nils, et al. "On Interoperability Failures in WS-Security: The XML Signature Wrapping Attack." Electronic Business Interoperability: Concepts, Opportunities and Challenges, edited by Ejub Kajan, IGI Global, 2011, pp. 615-635. https://doi.org/10.4018/978-1-60960-485-1.ch025

APA

Gruschka, N., Jensen, M., Kohlar, F., & Liao, L. (2011). On Interoperability Failures in WS-Security: The XML Signature Wrapping Attack. In E. Kajan (Ed.), Electronic Business Interoperability: Concepts, Opportunities and Challenges (pp. 615-635). IGI Global. https://doi.org/10.4018/978-1-60960-485-1.ch025

Chicago

Gruschka, Nils, et al. "On Interoperability Failures in WS-Security: The XML Signature Wrapping Attack." In Electronic Business Interoperability: Concepts, Opportunities and Challenges, edited by Ejub Kajan, 615-635. Hershey, PA: IGI Global, 2011. https://doi.org/10.4018/978-1-60960-485-1.ch025

Abstract

The rise in adoption of the Web Services specifications for inter-organizational business processes has led to the development of complex architecture stacks for processing Web Services messages. In particular, the proper use of the WS-Security specification poses a real challenge in terms of manageability and interoperability to adopting companies of today. This chapter is about an example of such complexity causing severe vulnerabilities in terms of security. More precisely, it discusses the XML Signature Wrapping attack, which is one of the most severe attack types in Web Services. Starting with a technical description and a real-world attack incident, the chapter explains the rationale and impact of the attack, along with a brief discussion on mitigation and countermeasures.
