XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment.
Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Advanced Institute of Convergence Information Technology
2013
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/30654/ http://psasir.upm.edu.my/id/eprint/30654/1/XIPS.pdf |
| _version_ | 1848846739635699712 |
|---|---|
| author | Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| author_facet | Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| author_sort | Asmawi, Aziah |
| building | UPM Institutional Repository |
| collection | Online Access |
| description | Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with security flaws and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the back end of Web services. This paper proposes XIPS, a prevention mechanism against Blind XPath injection attacks within Web services environment. The prevention mechanism employs the model-based approach to detect malicious queries and thwart them before they are executed on the Web services back end database. This approach uses run time monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. The employment of the XIPS architecture should be able to prevent Web services from any kinds of XPath injection attacks. |
| first_indexed | 2025-11-15T09:07:30Z |
| format | Article |
| id | upm-30654 |
| institution | Universiti Putra Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T09:07:30Z |
| publishDate | 2013 |
| publisher | Advanced Institute of Convergence Information Technology |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | upm-306542015-09-07T03:41:32Z http://psasir.upm.edu.my/id/eprint/30654/ XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with security flaws and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the back end of Web services. This paper proposes XIPS, a prevention mechanism against Blind XPath injection attacks within Web services environment. The prevention mechanism employs the model-based approach to detect malicious queries and thwart them before they are executed on the Web services back end database. This approach uses run time monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. The employment of the XIPS architecture should be able to prevent Web services from any kinds of XPath injection attacks. Advanced Institute of Convergence Information Technology 2013-06 Article PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/30654/1/XIPS.pdf Asmawi, Aziah and Affendey, Lilly Suriani and Udzir, Nur Izura and Mahmod, Ramlan (2013) XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. International Journal of Advancements in Computing Technology, 5 (10). pp. 69-77. ISSN 2005-8039; ESSN:2233-9337 |
| spellingShingle | Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title | XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_full | XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_fullStr | XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_full_unstemmed | XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_short | XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_sort | xips : a model-based prevention mechanism for preventing blind xpath injection in database-centric web services environment. |
| url | http://psasir.upm.edu.my/id/eprint/30654/ http://psasir.upm.edu.my/id/eprint/30654/1/XIPS.pdf |