The study outlines a number of security requirements that is typical of a host of Web-based applications using a case study of a real life online Web-based customer support system. It subsequently proposes a security solution that employs a combination of Web server security measures and cryptographic techniques. The Web server security measures include the formulation and implementation of a p...

This report documents the program and the outcomes of Dagstuhl Seminar 12401 “Web Application Security”. The seminar brought 44 web security researchers together, coming from companies and research institutions across Europe and the US. The seminar had a well-filled program, with 3 keynotes, 28 research talks, and 15 5-minute talks. As web application security is a broad research domain, a dive...

Web services may be able to publish easily their functions to the rest of the web world. At the same time they suffer by several security pitfalls. Currently, there is limited research on how the proposed web-services security countermeasures affect performance and applicability. In this paper, we introduce the threats/attacks vs. web-services authentication, present the most widely used securi...

There are numerous crucial factors that serve as a motivation to emphasize on security predicament in web engineering. These are broadly categorized as economic issues, people issues and legislative issues. Security has become the most critical matter of concern in today’s extremely complicated, web empowered, superfast information rich business environment. This paper presents the idea that an...

While in its early days, the Web was mostly static, it has organically grown into a full-fledged technology stack. This evolution has not followed a security blueprint, resulting in many classes of vulnerabilities specific to the Web. Even though the server-side code of the past has long since vanished, the Internet Archive gives us a unique view on the historical development of the Web’s clien...

Current trends in performing business-to-business transactions and enterprise application integration have been extended to the use of web service. With web services being accepted and deployed in both research and industrial areas, the security related issues become important. Web services security has attracted the attention of researchers in the area of security due to the proven fact that m...

Current trends in performing business-to-business transactions and enterprise application integration have been extended to the use of web service. With web services being accepted and deployed in both research and industrial areas, the security related issues become important. Web services security has attracted the attention of researchers in the area of security due to the proven fact that m...

Web service technology is a new technology for the Internet in recent years, and is extensively taken as the important technology in the next generation dynamic e-commerce. But the dynamic e-commerce’s development speed is affected by itself security, that’s the web service security. In this paper, the backgrounds and concepts of dynamic electronic commerce are introduced, and then its security...

Strangely enough, the Semantic Web has fallen behind the rest of the Web in terms of security. In particular, we note how TLS is not in use currently for the majority of URIs on the Semantic Web, and how existing Semantic Web standards need to be updated to take into account security best practices. We point out security and privacy flaws in WebID+TLS, and propose alternatives and solutions.

Web Services are regarded as the premier building blocks of Service-Oriented Architectures (SOA). Founding on specifications for basic communication patterns and message syntax, a lot of additional Web Service specifications that address non-functional requirements have been introduced. The most relevant specifications for these non-functional requirements deal with security aspects of Web Serv...