Design and Implementation of the Security Mechanism for Electronic Documents

Lin, Yi-Cheng

10 September 2007

Information security has been becoming important. Not only play an important role in electronic commerce, but it is essential for communication of information at work or basic data transmission. It has been developed nearly ten years since the W3C announced the standard for XML which make up for HTML defects on data process. And cross-platform property is why it become the file layout standard that is used by variety platform of network to storage and exchange data. Furthermore, the W3C propose the XML Digital Signature and XML Encryption to enhance the security of XML. This study shows how to transform the traditional word format into XML format and apply it to network. Now, we implement a security transmission system of electronic documents from Java in support of Cryptography security and XML. Besides, we also adopt the typing biometrics features as identity authentication mechanisms to increase our system's reliability.

XML

XML Signature

XML Encryption

A secure web service : Specification on how to implement a secure Web service in a health care environment

Bill, Andreas, Persson, Robert

January 2005

<p>Background: With Web service growing popularity more and more companies chose to apply Web service in their organisation. With the rising usage of the concept the demands rise with it. For companies that deal with vulnerable information for example hospitals, there needs to be strong security measures taken.</p><p>Purpose: The aim of the report is to examine different security functions that can help developers to secure Web service applications. The report will be written so that organisations such as health care organisation can get insight on how to use a secure Web services in their line of work.</p><p>Method: One of the main methods used in this report is a qualitative hermeneutic way of thinking. The research process will apply Wallace’s model. The theoretical study is achieved with research on the subject through literature studies and published articles. Interviews that are used to gain knowledge are structured as quality orientated science surveys with semistandardised questions.</p><p>Conclusions: We believe the time has come for hospitals to investigate if Web service can help their organization. In case they choose to use Web services, we advise them to follow Web service Security’s recommendations to produce a web service that is adapted to their security needs.</p>

Web service

Security

XML

SOAP

UDDI

WSDL

Web service security

XML signature and XML encryption

SAML

Informatics

Informatik

A secure web service : Specification on how to implement a secure Web service in a health care environment

Bill, Andreas, Persson, Robert

January 2005

Background: With Web service growing popularity more and more companies chose to apply Web service in their organisation. With the rising usage of the concept the demands rise with it. For companies that deal with vulnerable information for example hospitals, there needs to be strong security measures taken. Purpose: The aim of the report is to examine different security functions that can help developers to secure Web service applications. The report will be written so that organisations such as health care organisation can get insight on how to use a secure Web services in their line of work. Method: One of the main methods used in this report is a qualitative hermeneutic way of thinking. The research process will apply Wallace’s model. The theoretical study is achieved with research on the subject through literature studies and published articles. Interviews that are used to gain knowledge are structured as quality orientated science surveys with semistandardised questions. Conclusions: We believe the time has come for hospitals to investigate if Web service can help their organization. In case they choose to use Web services, we advise them to follow Web service Security’s recommendations to produce a web service that is adapted to their security needs.

Web service

Security

XML

SOAP

UDDI

WSDL

Web service security

XML signature and XML encryption

SAML

Information Systems

Detekce útoků cílených na webové aplikace / Detection of attacks targeted at web applications

Jégrová, Eliška

January 2018

This thesis is dealing with vulnerabilities of web applications. The aim of the work is to create tools for attack detection of certain attacks, specifically Same Origin Method Execution (SOME), XML Signature Wrapping attack, XPATH Injection, HTTP Response Smuggling and Server-Side Includes (SSI) injection. Another aim is to create logs that display detected attacks. In the first part, the theory is analyzed and vulnerabilities of chosen attacks are described including their misuse. In the next section there are web application implemented which contain vulnerabilities for successful execution of the attacks. Furthermore, in Python language detection methods are designed and developed for these attacks, which are accompanied by a log entry.