Worst-input Mutation Approach to Web Services Vulnerability Testing based on SOAP Messages
The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services.Vulnerability testing examines the trustworthiness,and reduces the security risks of software systems,however such testing of Web services has become increasing challenging due to the cross-platform and heterogeneous characteristics of their deployment.This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages.Based on characteristics of the SOAP messages,the proposed approach uses the farthest neighbor concept to guide generation of the test suite.The test case generation algorithm is presented,and a prototype Web service vulnerability testing tool is described.The tool was applied to the testing of Web services on the Internet,with experimental results indicating that the proposed approach,which found more vulnerability faults than other related approaches,is both practical and effective.
Security testing Web service vulnerability SOAP message Test case generation Mutation operator
国内会议
湖北恩施
英文
1-12
2014-09-13(万方平台首次上网日期,不代表论文的发表时间)