Design patterns: elements of reusable object-oriented software
Unraveling the Web Services Web: An Introduction to SOAP, WSDL, and UDDI
IEEE Internet Computing
Analyzing XML Parser Memory Characteristics: Experiments towards Improving Web Services Performance
ICWS '06 Proceedings of the IEEE International Conference on Web Services
DDoS-shield: DDoS-resilient scheduling to counter application layer attacks
IEEE/ACM Transactions on Networking (TON)
Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services
SCC '09 Proceedings of the 2009 IEEE International Conference on Services Computing
State of the Art: Automated Black-Box Web Application Vulnerability Testing
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Validating Denial of Service Vulnerabilities in Web Services
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Experimental Evaluation of Web Service Frameworks in the Presence of Security Attacks
SCC '12 Proceedings of the 2012 IEEE Ninth International Conference on Services Computing
This paper presents a tool for testing the security of web service frameworks. The tool implements a large set of attack types, defined based on previous security research studies, existing testing tools, and field experience. The motivation is that developers frequently build web services based on the assumption that the underlying frameworks are secure, which is not always the case. Despite the evident need for security in the platforms that support services, existing security testing tools are very limited. In practice, most tools focus on application-level vulnerabilities, and the few that allow testing platforms implement a very limited set of attack types. To the best of our knowledge, our tool includes more attacks than any other existing tool. Furthermore, because it implements an extensible architecture (based on plug-ins), the tool can be easily extended with additional attacks and also supports a large variety of testing configurations. Results show that it can be used to disclose critical security problems in well-known frameworks.