Worst-input mutation approach to web services vulnerability testing based on SOAP messages

Chen, Jinfu and Wang, Huanhuan and Towey, Dave and Mao, Chengying and Huang, Rubing and Zhan, Yongzhao (2014) Worst-input mutation approach to web services vulnerability testing based on SOAP messages. Tsinghua Science and Technology, 19 (5). pp. 429-441. ISSN 1007-0214

Full text not available from this repository.

Abstract

The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness, and reduces the security risks of software systems, however such testing of Web services has become increasing challenging due to the cross-platform and heterogeneous characteristics of their deployment. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages. Based on characteristics of the SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The test case generation algorithm is presented, and a prototype Web service vulnerability testing tool described. The tool was applied to the testing of Web services on the Internet, with experimental results indicating that the proposed approach, which found more vulnerability faults than other related approaches, is both practical and effective.

Item Type: Article
RIS ID: https://nottingham-repository.worktribe.com/output/738367
Keywords: Web service vulnerability; SOAP message; Test case generation; Mutation operator; Security testing
Schools/Departments: University of Nottingham Ningbo China > Faculty of Science and Engineering > School of Computer Science
Identification Number: https://doi.org/10.1109/TST.2014.6919819
Depositing User: QIU, Lulu
Date Deposited: 17 May 2018 12:52
Last Modified: 04 May 2020 16:56
URI: http://eprints.nottingham.ac.uk/id/eprint/51840

Actions (Archive Staff Only)

Edit View Edit View