Skip to main content

Research Repository

Advanced Search

Worst-input mutation approach to web services vulnerability testing based on SOAP messages

Chen, Jinfu; Wang, Huanhuan; Towey, Dave; Mao, Chengying; Huang, Rubing; Zhan, Yongzhao

Authors

Jinfu Chen

Huanhuan Wang

Dave Towey

Chengying Mao

Rubing Huang

Yongzhao Zhan



Abstract

The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness, and reduces the security risks of software systems, however such testing of Web services has become increasing challenging due to the cross-platform and heterogeneous characteristics of their deployment. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages. Based on characteristics of the SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The test case generation algorithm is presented, and a prototype Web service vulnerability testing tool described. The tool was applied to the testing of Web services on the Internet, with experimental results indicating that the proposed approach, which found more vulnerability faults than other related approaches, is both practical and effective.

Journal Article Type Article
Publication Date Oct 13, 2014
Journal Tsinghua Science and Technology
Print ISSN 1007-0214
Electronic ISSN 1007-0214
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 19
Issue 5
APA6 Citation Chen, J., Wang, H., Towey, D., Mao, C., Huang, R., & Zhan, Y. (2014). Worst-input mutation approach to web services vulnerability testing based on SOAP messages. Tsinghua Science and Technology, 19(5), https://doi.org/10.1109/TST.2014.6919819
DOI https://doi.org/10.1109/TST.2014.6919819
Keywords Web service vulnerability; SOAP message; Test case generation; Mutation operator; Security testing
Publisher URL https://ieeexplore.ieee.org/document/6919819/
Copyright Statement Copyright information regarding this work can be found at the following address: http://creativecommons.org/licenses/by/4.0

Files

Web services testing paper(2014.04.01.Final revision).pdf (419 Kb)
PDF

Copyright Statement
Copyright information regarding this work can be found at the following address: http://creativecommons.org/licenses/by/4.0



Downloadable Citations

;