Penetration Testing for Web Services

Cited by: 14
Authors
Antunes, Nuno [1]
Vieira, Marco [1]
Affiliation
[1] Univ Coimbra, Dept Informat Engn, P-3000 Coimbra, Portugal
Keywords
code vulnerabilities; command injection; penetration testing; SQL injection; vulnerability detection; Web security scanners; Web services
DOI
10.1109/MC.2013.409
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance.
Pages: 30 / 36
Number of pages: 7