XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years and remains one today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that gives practitioners easier access to the effective countermeasures identified in the current state of research.