Benchmarking Vulnerability Detection Tools for Web Services

Author(s): Nuno Antunes ◽ Marco Vieira
2018 ◽ Vol 7 (3.12) ◽ pp. 773
Author(s): Senthamil Preethi K ◽ Murugan A

Demand for web services is increasing day by day, and as a result the security of web services is at risk. To protect against distinct types of attacks, developers need to select vulnerability detection tools; because many tools are available on the market, the major challenge for a developer is finding the tool best suited to the application's requirements. A recent study shows that many vulnerability detection tools provide low vulnerability detection coverage and a high false positive rate. This paper proposes a benchmarking method for assessing and comparing the efficiency of vulnerability detection tools in the web service environment. The method is used to illustrate two benchmarks for SQL injection and cross-site scripting. The first is based on a predefined set of web services, and the second permits the user to specify the workload (user-defined web services). The proposed system used open source and commercial tools to test the application against the benchmarking standards. The results show that the benchmarks perfectly depict the efficiency of vulnerability detection tools.


Author(s): Nuno Antunes ◽ Marco Vieira

Although web services are becoming business-critical components, they are often deployed with software bugs that can be maliciously exploited. Many developers are not specialized in security, and common time-to-market constraints limit in-depth testing for vulnerabilities. In this context, vulnerability detection tools play a very important role in helping developers produce less vulnerable code. However, developers usually select a tool and rely on its results without knowing its real effectiveness. This chapter presents two case studies on the effectiveness of several well-known vulnerability detection tools and discusses their strengths and limitations. Based on the lessons learned, the chapter also proposes a benchmarking technique that can be used to select the tool that best fits a specific scenario. The main goal is to provide web service developers with information on how much they can rely on widely used vulnerability detection tools and on how to select the most adequate tool.


2014 ◽ Vol 1 (1) ◽ pp. 9-34
Author(s): Bobby Suryajaya

SKK Migas plans to apply end-to-end security based on Web Services Security (WS-Security) for Sistem Operasi Terpadu (SOT). However, there are no prototype or simulation results to support the plan, which has already been communicated to many parties. This paper proposes an experiment that performs PRODML data transfer using WS-Security by altering the WSDL to include encryption and a digital signature. The experiment uses SoapUI and successfully loaded a PRODML WSDL that had been altered with WSP-Policy based on X.509 to transfer a SOAP message.


2004 ◽ Vol 124 (1) ◽ pp. 176-181
Author(s): Tomoaki Maruo ◽ Keinosuke Matsumoto ◽ Naoki Mori ◽ Masashi Kitayama ◽ Yoshio Izumi
