Although in principle independent of any particular messaging protocol, Web Services are primarily accessed using SOAP over HTTP in practice. As SOAP provides no message security at all, other ways of securing messages are necessary. This paper summarizes the most important security model for SOAP, WS-Security, and its related specifications. We explore the advantages of one particular approach...

Context: Static Application Security Testing (SAST) and Runtime Protection (RASP) are important complementary techniques used for detecting enforcing application-level security policies in web applications. Inquiry: The current state of the art, however, does not allow a safe efficient combination SAST RASP based on shared set policies, forcing developers to reimplement maintain same their enfo...

In recent years, with the frequent occurrence of security incidents, enterprises and organizations have now realized the importance of designing a safety information system. Today, information systems are heavily relied on web and database technologies, thus the risks and threats those technologies faced will also affect the security of information systems. Web and database security technologie...

Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and ...

Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security eval...

Web services security constitutes the technological and managerial procedures applied to the system to ensure the confidentiality, integrity, and availability of information that is exchanged by the Web service. This article explores security issues specific to Web services and illustrates the engineering and testing practices required to ensure security throughout the Web services development ...

Semantic Web is maturing day by day and data and information integration is growing and becoming crucial. Security is one of the key features of the future Internet‟s security. So it is necessary harnessing the synergy in biometrics and in Semantic Web. It can leverage the lack of widely accepted biometrics security standards along with Semantic Web technologies to protect, represent, store and...

Web applications are one of the most prevalent platforms for information and services delivery over Internet today. As they are increasingly used for critical services, web applications become a popular and valuable target for security attacks. Although a large body of techniques have been developed to fortify web applications and and mitigate the attacks toward web applications, there is littl...

In recent years, web applications have evolved from small websites into large multi-tiered applications. The quality of web applications depends on the richness of contents, well structured navigation and most importantly its security. Web application testing is a new field of research so as to ensure the consistency and quality of web applications. In the last ten years there have been differe...

This paper provides directions for web and e-commerce applications security. In particular, access control policies, workflow security, XML security and federated database security issues pertaining to the web and ecommerce applications are discussed.