Penetration Testing for Web Services

被引:14
作者
Antunes, Nuno [1 ]
Vieira, Marco [1 ]
机构
[1] Univ Coimbra, Dept Informat Engn, P-3000 Coimbra, Portugal
来源
COMPUTER | 2014年 / 47卷 / 02期
关键词
code vulnerabilities; command injection; penetration testing; SQL injection; vulnerability detection; Web security scanners; Web services;
D O I
10.1109/MC.2013.409
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance.
引用
收藏
页码:30 / 36
页数:7
相关论文
共 50 条
  • [11] Designing vulnerability testing tools for web services: approach, components, and tools
    Nuno Antunes
    Marco Vieira
    International Journal of Information Security, 2017, 16 : 435 - 457
  • [12] Designing vulnerability testing tools for web services: approach, components, and tools
    Antunes, Nuno
    Vieira, Marco
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2017, 16 (04) : 435 - 457
  • [13] Fault-based Web Services testing
    Hanna, Samer
    Munro, Malcolm
    PROCEEDINGS OF THE FIFTH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS, 2008, : 471 - 476
  • [14] Automatically Testing Web Services Choreography with Assertions
    Zhou, Lei
    Ping, Jing
    Xiao, Hao
    Wang, Zheng
    Pu, Geguang
    Ding, Zuohua
    FORMAL METHODS AND SOFTWARE ENGINEERING, 2010, 6447 : 138 - +
  • [15] Extending WSDL to facilitate web services testing
    Tsai, WT
    Paul, R
    Wang, YM
    Fan, C
    Wang, D
    7TH IEEE INTERNATIONAL SYMPOSIUM ON HIGH ASSURANCE SYSTEMS ENGINEERING, PROCEEDINGS, 2002, : 171 - 172
  • [16] Towards Dynamic Random Testing for Web Services
    Sun, Chang-ai
    Wang, Guan
    Cai, Kai-Yuan
    Chen, Tsong Yueh
    2012 IEEE 36TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC), 2012, : 164 - 169
  • [17] Automated Regression Suite for Testing Web Services
    Kumar, Ashok S.
    Kumar, Golcul Prem
    Dhawan, Ankur
    2009 INTERNATIONAL CONFERENCE ON ADVANCES IN RECENT TECHNOLOGIES IN COMMUNICATION AND COMPUTING (ARTCOM 2009), 2009, : 590 - 592
  • [18] Web services interoperability testing based on ontology
    Yu, Y
    Huang, N
    Ye, M
    FIFTH INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION TECHNOLOGY - PROCEEDINGS, 2005, : 1075 - 1079
  • [19] A Fuzzy Classifier-Based Penetration Testing for Web Applications
    Alhassan, J. K.
    Misra, Sanjay
    Umar, A.
    Maskeliunas, Rytis
    Damasevicius, Robertas
    Adewumi, Adewole
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY & SYSTEMS (ICITS 2018), 2018, 721 : 95 - 104
  • [20] Goal-based Testing of Semantic Web Services
    Jokhio, M. Shaban
    2009 IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING, PROCEEDINGS, 2009, : 707 - 711
12345