Skip to main content

Research Repository

Advanced Search

Worst-input mutation approach to web services vulnerability testing based on SOAP messages

Chen, Jinfu; Wang, Huanhuan; Towey, Dave; Mao, Chengying; Huang, Rubing; Zhan, Yongzhao

Authors

Jinfu Chen

Huanhuan Wang

Dave Towey

Chengying Mao

Rubing Huang

Yongzhao Zhan



Abstract

The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness, and reduces the security risks of software systems, however such testing of Web services has become increasing challenging due to the cross-platform and heterogeneous characteristics of their deployment. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages. Based on characteristics of the SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The test case generation algorithm is presented, and a prototype Web service vulnerability testing tool described. The tool was applied to the testing of Web services on the Internet, with experimental results indicating that the proposed approach, which found more vulnerability faults than other related approaches, is both practical and effective.

Citation

Chen, J., Wang, H., Towey, D., Mao, C., Huang, R., & Zhan, Y. (2014). Worst-input mutation approach to web services vulnerability testing based on SOAP messages. Tsinghua Science and Technology, 19(5), https://doi.org/10.1109/TST.2014.6919819

Journal Article Type Article
Acceptance Date Aug 18, 2014
Publication Date Oct 13, 2014
Deposit Date May 17, 2018
Publicly Available Date May 17, 2018
Journal Tsinghua Science and Technology
Print ISSN 1007-0214
Electronic ISSN 1007-0214
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 19
Issue 5
DOI https://doi.org/10.1109/TST.2014.6919819
Keywords Web service vulnerability; SOAP message; Test case generation; Mutation operator; Security testing
Public URL http://eprints.nottingham.ac.uk/id/eprint/51840
Publisher URL https://ieeexplore.ieee.org/document/6919819/
Copyright Statement Copyright information regarding this work can be found at the following address: http://creativecommons.org/licenses/by/4.0

Files


Web services testing paper(2014.04.01.Final revision).pdf (419 Kb)
PDF

Copyright Statement
Copyright information regarding this work can be found at the following address: http://creativecommons.org/licenses/by/4.0



Downloadable Citations