Jinfu Chen
Worst-input mutation approach to web services vulnerability testing based on SOAP messages
Chen, Jinfu; Wang, Huanhuan; Towey, Dave; Mao, Chengying; Huang, Rubing; Zhan, Yongzhao
Authors
Huanhuan Wang
Dave Towey
Chengying Mao
Rubing Huang
Yongzhao Zhan
Abstract
The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness and reduces the security risks of software systems; however, such testing of Web services has become increasingly challenging due to the cross-platform and heterogeneous characteristics of their deployment. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages. Based on characteristics of the SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The test case generation algorithm is presented, and a prototype Web service vulnerability testing tool is described. The tool was applied to the testing of Web services on the Internet, with experimental results indicating that the proposed approach, which found more vulnerability faults than other related approaches, is both practical and effective.
Citation
Chen, J., Wang, H., Towey, D., Mao, C., Huang, R., & Zhan, Y. (2014). Worst-input mutation approach to web services vulnerability testing based on SOAP messages. Tsinghua Science and Technology, 19(5), https://doi.org/10.1109/TST.2014.6919819
Journal Article Type | Article |
---|---|
Acceptance Date | Aug 18, 2014 |
Publication Date | Oct 13, 2014 |
Deposit Date | May 17, 2018 |
Publicly Available Date | May 17, 2018 |
Journal | Tsinghua Science and Technology |
Print ISSN | 1007-0214 |
Electronic ISSN | 1007-0214 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
Volume | 19 |
Issue | 5 |
DOI | https://doi.org/10.1109/TST.2014.6919819 |
Keywords | Web service vulnerability; SOAP message; Test case generation; Mutation operator; Security testing |
Public URL | https://nottingham-repository.worktribe.com/output/738367 |
Publisher URL | https://ieeexplore.ieee.org/document/6919819/ |
Files
Web services testing paper(2014.04.01.Final revision).pdf
(419 Kb)
PDF
Copyright Statement
Copyright information regarding this work can be found at the following address: http://creativecommons.org/licenses/by/4.0