Due to their distributed and open nature, Web Services give rise to new security challenges. This technology is susceptible to Cross-site Scripting (XSS) attacks, which take advantage of existing vulnerabilities. The proposed approach makes use of two Security Testing techniques, namely Penetration Testing and Fault Injection, in order to emulate XSS attacks against Web Services. This technology, combined with WS-Security (WSS) and Security Tokens, can identify the sender and guarantee legitimate access control to the SOAP messages exchanged. We use the vulnerability scanner soapUI, which is one of the most recognized Penetration Testing tools. In contrast, WSInject is a new fault injection tool, which introduces faults or errors into Web Services to analyze their behavior in a non-robust environment. The results show that the use of WSInject, in comparison to soapUI, improves the detection of vulnerabilities, allows XSS attacks to be emulated, and generates new types of them.