Web service applications are constantly targeted by attackers because they expose
metadata over the Internet. The services are designed so that they are easily
discovered by consumers in order to support service invocation.
Exposure of critical metadata information is a key part of the whole communication
because without exposing metadata information over the Internet, communication
between consumers and Web servers is nearly impossible. As a result, Web servers are
vulnerable to all kinds of attacks, especially Denial of Service attacks. The use of
Service Oriented Architectures as a base for developing Web services has brought many
benefits in building Web service applications. Flexibility, interoperability and agility
are among the main benefits brought by SOAs to enhance Web service applications.
Simple Object Application Protocol (SOAP) and Web Service Description Language (WSDL)
are integral parts of realizing Service Oriented Architectures. WSDL is the standard
used to describe Web services while SOAP is the standard used by Web services for
client-server communication. SOAP and WSDL are built over eXtensible Markup
Language (XML) so as to guarantee syntactic interoperability of client applications
with Web Servers during communication.

Despite the benefits that come with the use of WSDL and the SOAP protocol in building
Service Oriented Architectures, this evolution has inherited DoS vulnerabilities and
introduced new complexities in protecting Web service applications from Web attacks.
Denial of Service attacks are the main threat to Web providers simply because they
have devastating effects. These kinds of attacks can be launched with simple tools and
cause massive losses to victims. SOAP vulnerabilities have been well studied by
security researchers; the evidence can be seen in the effort made in developing and
establishing SOAP security standards. The main role played by these standards is to
secure both Web service infrastructure and its data. On the other hand, there is a
lack of research on WSDL vulnerabilities.

This dissertation is one of the first attempts to address the possible threat of Denial of
Service associated with WSDL technology. The author builds on past research,
particularly on Web Service Description Language, Service Oriented Architecture and
Denial of Service. In addition to addressing these areas, the dissertation also surveys
techniques used by attackers to launch flooding attacks. Further, the author presents
current detection and mitigation techniques used to detect and mitigate Web service
flooding attacks. The core contribution of this work is to provide an approach for
detecting and defending against the threat of WSDL denial of service using Network Behaviour
