Enhancing security of Web service against WSDL threats

Abstract

In recent years, the field of Web service security has evolved rapidly and various security technologies and standards have been proposed. We found from our investigation that there is a WSDL threat, hitherto not discussed in Web service security literature but equally important. WSDL documents are the guidebook for attacking and hacking the Web services. Since a WSDL document contains explicit instructions on how to communicate private application, they can cause a series security breach if the Web services are compromised. To the best of our knowledge, all standards which were presented by now tried to defend security problems of SOAP messages which are transferred between Web services. This paper is bringing into focus enhancing security of Web service's WSDL file. It purposes a model for encrypting WSDL document to handle its security problem. This solution is suitable for Web services which have critical rules according their policies and their WSDL faced with hacking problems. © 2011 IEEE.