Penetration Testing for Web Services

被引:14
作者
Antunes, Nuno [1 ]
Vieira, Marco [1 ]
机构
[1] Univ Coimbra, Dept Informat Engn, P-3000 Coimbra, Portugal
来源
COMPUTER | 2014年 / 47卷 / 02期
关键词
code vulnerabilities; command injection; penetration testing; SQL injection; vulnerability detection; Web security scanners; Web services;
D O I
10.1109/MC.2013.409
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance.
引用
收藏
页码:30 / 36
页数:7
相关论文
共 50 条
  • [31] Using TTCN-3 as a Modeling Language for Web Penetration Testing
    Stepien, Bernard
    Peyton, Liam
    Xiong, Pulei
    2012 IEEE INTERNATIONAL CONFERENCE ON INDUSTRIAL TECHNOLOGY (ICIT), 2012, : 674 - 681
  • [32] SQLi Penetration Testing of Financial Web Applications: Investigation of Bangladesh Region
    Farah, Tanjila
    Alain, Delwar
    Kabir, Alamgir
    Bhuiyan, Touhid
    2015 WORLD CONGRESS ON INTERNET SECURITY (WORLDCIS), 2015, : 146 - 151
  • [33] Penetration Testing of 5G Core Network Web Technologies
    Giambartolomei, Filippo
    Barcelo, Marc
    Brighente, Alessandro
    Urbieta, Aitor
    Conti, Mauro
    ICC 2024 - IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, 2024, : 702 - 707
  • [34] Intelligent Web Security Testing with Threat Assessment and Client Server Penetration
    Gohel, Hardik
    Sharma, Priyanka
    PROCEEDINGS OF INTERNATIONAL CONFERENCE ON ICT FOR SUSTAINABLE DEVELOPMENT ICT4SD 2015, VOL 2, 2016, 409 : 555 - 568
  • [35] WebGuardia - An Integrated Penetration Testing System to Detect Web Application Vulnerabilities
    Vithanage, Nisal Madhushan
    Jeyamohan, Neera
    PROCEEDINGS OF THE 2016 IEEE INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, SIGNAL PROCESSING AND NETWORKING (WISPNET), 2016, : 221 - 227
  • [36] Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security
    Salas, M. I. P.
    Martins, E.
    ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2014, 302 : 133 - 154
  • [37] Swiss cheese test case generation for web services testing
    Tsai, WT
    Wei, X
    Chen, YN
    Paul, R
    Xiao, BM
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2005, E88D (12): : 2691 - 2698
  • [38] A Methodology for Model-Based Regression Testing of Web Services
    Khan, Tamim Ahmed
    Heckel, Reiko
    2009 TESTING: ACADEMIC AND INDUSTRIAL CONFERENCE-PRACTICE AND RESEARCH TECHNIQUES, TAIC PART 2009, 2009, : 123 - 124
  • [39] An iterative metamorphic testing technique for web services and case studies
    Sun, Chang-ai
    Fu, An
    Liu, Yiqiang
    Wen, Qing
    Wang, Zuoyi
    Wu, Peng
    Chen, Tsong Yueh
    INTERNATIONAL JOURNAL OF WEB AND GRID SERVICES, 2020, 16 (04) : 364 - 392
  • [40] Functional Based Testing in Web Services Integrated Software Applications
    Ramachandran, Selvakumar
    Santapoor, Lavanya
    Rayudu, Haritha
    ADVANCED COMPUTING, PT III, 2011, 133 : 130 - 138
12345