Attack Taxonomy Methodology Applied to Web Services

Marcelo Invert Palma Salas

Attack Taxonomy Methodology Applied to Web Services

Authors

Marcelo Invert Palma Salas UNICAMP, University of Campinas https://orcid.org/0000-0001-6821-0002

Keywords:

Attack taxonomy methodology, web services, brute force, spoofing, flooding, denial-of-services, injection

Abstract

With the rapid evolution of attack techniques and attacker targets, companies and researchers question the applicability and effectiveness of security taxonomies. Although the attack taxonomies allow us to propose a classification scheme, they are easily rendered useless by the generation of new attacks. Due to its distributed and open nature, web services give rise to new security challenges. The purpose of this study is to apply a methodology for categorizing and updating attacks prior to the continuous creation and evolution of new attack schemes on web services. Also, in this research, we collected thirty-three (33) types of attacks classified into five (5) categories, such as brute force, spoofing, flooding, denial-of-services, and injection attacks, in order to obtain the state of the art of vulnerabilities against web services. Finally, the attack taxonomy is applied to a web service, modeling through attack trees. The use of this methodology allows us to prevent future attacks applied to many technologies, not only web services.

Downloads

Download data is not yet available.

Downloads

Published

2024-01-08

Issue

Vol. 11 No. 1 (2024)

Section

Research Articles for the Regular Issue

License

Copyright Notice

Authors who publish this journal agree to the following terms:

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-Non-Commercial-Share-Alike 4.0 International 4.0 that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.

Disclaimer

LAJC in no event shall be liable for any direct, indirect, incidental, punitive, or consequential copyright infringement claims related to articles that have been submitted for evaluation, or published in any issue of this journal. Find out more in our Disclaimer Notice.

How to Cite

[1]

“Attack Taxonomy Methodology Applied to Web Services”, LAJC, vol. 11, no. 1, pp. 66–79, Jan. 2024, Accessed: Oct. 08, 2025. [Online]. Available: https://lajc.epn.edu.ec/index.php/LAJC/article/view/351