Penetration Testing for Web Services

被引:14
作者
Antunes, Nuno [1 ]
Vieira, Marco [1 ]
机构
[1] Univ Coimbra, Dept Informat Engn, P-3000 Coimbra, Portugal
来源
COMPUTER | 2014年 / 47卷 / 02期
关键词
code vulnerabilities; command injection; penetration testing; SQL injection; vulnerability detection; Web security scanners; Web services;
D O I
10.1109/MC.2013.409
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance.
引用
收藏
页码:30 / 36
页数:7
相关论文
共 50 条
  • [41] Applying Text Classification Algorithms in Web Services Robustness Testing
    Laranjeiro, Nuno
    Oliveira, Rui
    Vieira, Marco
    2010 29TH IEEE INTERNATIONAL SYMPOSIUM ON RELIABLE DISTRIBUTED SYSTEMS SRDS 2010, 2010, : 255 - 264
  • [42] Scenario-based web services testing with distributed agents
    Tsai, WT
    Paul, R
    SAimi, A
    Cao, ZB
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2003, E86D (10): : 2130 - 2144
  • [43] Efficient traces' collection mechanisms for passive testing of Web Services
    Benharref, Abdelghani
    Dssouli, Rachida
    Serhani, Mohamed Adel
    Glitho, Roch
    INFORMATION AND SOFTWARE TECHNOLOGY, 2009, 51 (02) : 362 - 374
  • [44] Testing of Web Services using Behavior-Driven Development
    Oruc, Ahmet Furkan
    Ovatman, Tolga
    PROCEEDINGS OF THE 6TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND SERVICES SCIENCE, VOL 2 (CLOSER), 2016, : 85 - 92
  • [45] Multi-dimensional criteria for testing web services transactions
    Casado, Ruben
    Younas, Muhammad
    Tuya, Javier
    JOURNAL OF COMPUTER AND SYSTEM SCIENCES, 2013, 79 (07) : 1057 - 1076
  • [46] Coyote: An XML-based framework for web services testing
    Tsai, WT
    Paul, R
    Song, WW
    Cao, ZB
    7TH IEEE INTERNATIONAL SYMPOSIUM ON HIGH ASSURANCE SYSTEMS ENGINEERING, PROCEEDINGS, 2002, : 173 - 174
  • [47] A Systematic Approach to Web Application Penetration Testing Using TTCN-3
    Stepien, Bernard
    Xiong, Pulei
    Peyton, Liam
    E-TECHNOLOGIES: TRANSFORMATION IN A CONNECTED WORLD, 2011, 78 : 1 - 16
  • [48] Cooperative and group testing in verification of dynamic composite web services
    Tsai, WT
    Chen, Y
    Paul, R
    Liao, N
    Huang, H
    PROCEEDINGS OF THE 28TH ANNUAL INTERNATIONAL COMPUTER SOFTWARE AND APPLICATION CONFERENCE, WORKSHOP AND FAST ABSTRACTS, 2004, : 170 - 173
  • [49] Testing Web Services for academic environment with Robust Security Approach
    Prakash, Lakshmi Sunil
    Giri, Papiya
    Mathew, Sajan
    FUTURE INFORMATION TECHNOLOGY, 2011, 13 : 134 - 138
  • [50] A multi-agent based framework for collaborative testing on Web Services
    Bai, Xiaoying
    Dai, Guilan
    Xu, Dezheng
    Tsai, Wei-Tek
    FOURTH IEEE WORKSHOP ON SOFTWARE TECHNOLOGIES FOR FUTURE EMBEDDED AND UBIQUITOUS SYSTEMS AND THE SECOND INTERNATIONAL WORKSHOP ON COLLABORATIVE COMPUTING, INTEGRATION, AND ASSURANCE, PROCEEDINGS, 2006, : 205 - 210
12345