Penetration Testing for Web Services

被引:14
|
作者
Antunes, Nuno [1 ]
Vieira, Marco [1 ]
机构
[1] Univ Coimbra, Dept Informat Engn, P-3000 Coimbra, Portugal
来源
COMPUTER | 2014年 / 47卷 / 02期
关键词
code vulnerabilities; command injection; penetration testing; SQL injection; vulnerability detection; Web security scanners; Web services;
D O I
10.1109/MC.2013.409
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance.
引用
收藏
页码:30 / 36
页数:7
相关论文
共 50 条
  • [31] Automatic testing of Web services in Haskell platform
    Zhang, Yingzhou
    Fu, Wei
    Qian, Junyan
    Journal of Computational Information Systems, 2010, 6 (09): : 2859 - 2867
  • [32] Robustness Testing Framework for Web Services Composition
    Kuk, Seung Hak
    Kim, Hyeon Soo
    2009 IEEE ASIA-PACIFIC SERVICES COMPUTING CONFERENCE (APSCC 2009), 2009, : 289 - 294
  • [33] User-side testing of Web services
    Canfora, G
    Ninth European Conference on Software Maintenance and Reengineering, Proceedings, 2005, : 301 - 301
  • [34] Contract-based testing for web services
    Dai, Guilan
    Bai, Xiaoying
    Wang, Yongbo
    Dai, Fengjun
    COMPSAC 2007: THE THIRTY-FIRST ANNUAL INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOL I, PROCEEDINGS, 2007, : 517 - +
  • [35] Towards Dynamic Random Testing for Web Services
    Sun, Chang-ai
    Wang, Guan
    Cai, Kai-Yuan
    Chen, Tsong Yueh
    2012 IEEE 36TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC), 2012, : 164 - 169
  • [36] Web Services Testing Approaches: A Survey and a Classification
    Ladan, Mohamad I.
    NETWORKED DIGITAL TECHNOLOGIES, PT 2, 2010, 88 : 70 - 79
  • [37] The audition framework for testing web services interoperability
    Bertolino, A
    Polini, A
    EUROMICRO-SEAA 2005: 31ST EUROMICRO CONFERENCE ON SOFTWARE ENGINEERING AND ADVANCED APPLICATIONS, PROCEEDINGS, 2005, : 134 - 142
  • [38] Bootstrapping Automated Testing for RESTful Web Services
    Lei, Zhanyao
    Chen, Yixiong
    Yang, Yang
    Xia, Mingyuan
    Qi, Zhengwei
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2023, 49 (04) : 1561 - 1579
  • [39] Extending WSDL to facilitate web services testing
    Tsai, WT
    Paul, R
    Wang, YM
    Fan, C
    Wang, D
    7TH IEEE INTERNATIONAL SYMPOSIUM ON HIGH ASSURANCE SYSTEMS ENGINEERING, PROCEEDINGS, 2002, : 171 - 172
  • [40] Automatically Testing Web Services Choreography with Assertions
    Zhou, Lei
    Ping, Jing
    Xiao, Hao
    Wang, Zheng
    Pu, Geguang
    Ding, Zuohua
    FORMAL METHODS AND SOFTWARE ENGINEERING, 2010, 6447 : 138 - +
12345