Web service is characterized by its platform-independence,dynamic,openness and loose coupling. These characteristics greatly facilitate the application-to-application integration based on heterogeneous platform, that an increasing number of enterprise use it. Along with the development of Web services,its safe problem is more and more important. Web service art is attracting attackers and hackers to attack the Web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web services. It detailedly analyzed the characteristics and principle of various attacks on Web service,and pointed out the corresponding detection and prevention countermeasures. On the basis of current research achievements,also presented a discussion on the future research directions and the challenges of Web service defenses against attacks.%Web服务具有平台无关性、动态性、开放性和松散耦合等特征,这给基于异构平台的应用集成带来极大便利,使越来越多的企业使用Web服务.Web服务技术在得到快速发展和应用的同时,它的安全问题越来越重要,成为黑客或者攻击者选择的目标,Web服务提供者对于保证Web服务安全要面临着严峻的考验.文中分析了Web服务攻击技术的特点、原理,讨论了用于攻击基于XML的Web服务的各种技术和目前比较流行的防御措施.进一步讨论了Web服务攻击将来的研究方向以及面临的挑战.
展开▼
