Title
Penetration Testing Tool for Web Services Security
Abstract
XML-based SOAP Web Services are a widely used technology that allows users to execute remote operations and transport arbitrary data. It is currently adopted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, and military services. The wide adoption of this technology has resulted in the emergence of numerous, mostly complex, extension specifications. Naturally, this has been followed by a rise in the number of Web Services attacks. They range from specific Denial of Service attacks to attacks breaking interfaces of cloud providers or the confidentiality of encrypted messages. When implementing common web applications, developers evaluate the security of their systems by applying different penetration testing tools. However, in contrast to well-known attacks such as SQL injection or Cross Site Scripting, there exist no penetration testing tools for Web Services specific attacks. This was the motivation for developing the first automated penetration testing tool for Web Services, called WS-Attacker. In this paper we give an overview of our design decisions and provide an evaluation of four Web Services frameworks and their resistance against WS-Addressing spoofing and SOAPAction spoofing attacks. WS-Attacker was built with respect to its future extensions with further attacks in order to provide an all-in-one security checking interface.
Year: 2012
DOI: 10.1109/SERVICES.2012.7
Venue: SERVICES
Keywords: web services security, web services specific attack, web services framework, penetration testing tool, web services, web services attack, xml-based soap web services, different penetration testing tool, soapaction spoofing attack, automated penetration testing tool, service oriented architectures, servers, simple object access protocol, sql injection, testing, xml, cross site scripting, egovernment, security, sql, cloud computing, service oriented architecture, cryptography, denial of service attacks
Field: Web development, Services computing, World Wide Web, Computer science, Computer security, WS-I Basic Profile, Web modeling, Web application security, Web service, Database, WS-Security, WS-Policy
DocType: Conference
ISBN: 978-1-4673-3053-4
Citations: 15
PageRank: 1.00
References: 5
Authors: 3
Name
Order
Citations
PageRank
Christian Mainka16610.80
Juraj Somorovsky226319.92
Jorg Schwenk3513.66