Penetration Testing for Web Services

被引:14
|
作者
Antunes, Nuno [1 ]
Vieira, Marco [1 ]
机构
[1] Univ Coimbra, Dept Informat Engn, P-3000 Coimbra, Portugal
来源
COMPUTER | 2014年 / 47卷 / 02期
关键词
code vulnerabilities; command injection; penetration testing; SQL injection; vulnerability detection; Web security scanners; Web services;
D O I
10.1109/MC.2013.409
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance.
引用
收藏
页码:30 / 36
页数:7
相关论文
共 50 条
  • [1] Testing Web Services
    Siblini, Reda
    Mansour, Nashat
    3RD ACS/IEEE INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS, 2005, 2005,
  • [2] A Black-Box Approach to Detect Vulnerabilities in Web Services Using Penetration Testing
    Salas, M. I. P.
    Martins, E.
    IEEE LATIN AMERICA TRANSACTIONS, 2015, 13 (03) : 707 - 712
  • [3] A Survey on Web Application Penetration Testing
    Altulaihan, Esra Abdullatif
    Alismail, Abrar
    Frikha, Mounir
    ELECTRONICS, 2023, 12 (05)
  • [4] Testing Web Services as Agents
    Sloan, John C.
    Khoshgoftaar, Taghi M.
    Folleco, Andres
    14TH ISSAT INTERNATIONAL CONFERENCE ON RELIABILITY AND QUALITY IN DESIGN, PROCEEDINGS, 2008, : 151 - 155
  • [5] Testing Web Services in the Cloud
    Sneed, Harry M.
    SOFTWARE QUALITY: INCREASING VALUE IN SOFTWARE AND SYSTEMS DEVELOPMENT, 2013, 133 : 70 - 88
  • [6] Collaborative Testing of Web Services
    Zhu, Hong
    Zhang, Yufeng
    IEEE TRANSACTIONS ON SERVICES COMPUTING, 2012, 5 (01) : 116 - 130
  • [7] Unit Testing Web Services
    Hamill, Paul
    DR DOBBS JOURNAL, 2008, 33 (11): : 53 - +
  • [8] Passive Testing of Web Services
    Andres, Cesar
    Emilia Cambronero, M.
    Nunez, Manuel
    WEB SERVICES AND FORMAL METHODS, 2011, 6551 : 56 - +
  • [9] Adaptive web services testing
    Bai, Xiaoying
    Chen, Yinong
    Shao, Zhongkui
    COMPSAC 2007: THE THIRTY-FIRST ANNUAL INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOL II, PROCEEDINGS, 2007, : 233 - +
  • [10] Vulnerability Assessment and Penetration Testing of Web Application
    Nagpure, Sangeeta
    Kurkure, Sonal
    2017 INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION, CONTROL AND AUTOMATION (ICCUBEA), 2017,
12345