Title
Security Testing Methodology for Evaluation of Web Services Robustness - Case: XML Injection
Abstract
A Web Service is a software system designed to support interoperable machine-to-machine interaction over a network; it also provides a standard means of interoperating between different software applications. However, Web Services have raised new challenges for information security: this technology is susceptible to XML Injection attacks, which would allow an attacker to collect and manipulate information to insert malicious code on either the server side or the client side, being one of the most employed attacks against web applications according to the OWASP Top 10. Different studies have shown that the current testing techniques -- penetration testing and fuzzy scanning -- generate several false positives and negatives. However, the fault injection technique improves the robustness of web applications, through the greater flexibility to modify the test cases and to find software bugs. This work describes a fault injection technique for the evaluation of Web Services robustness with WS-Security (Username Token) and the development of a set of rules for vulnerability analysis, resulting in the improvement of the vulnerability detector accuracy. Our results show that 82% of Web Services tested were vulnerable to XML Injection attacks.
Year: 2015
DOI: 10.1109/SERVICES.2015.53
Venue: IEEE Congress on Services
Keywords: Web Services, XML Injection, fault injection, WS-Security, UsernameToken
Field: WS-Addressing, Computer science, Computer security, SOAP, Web application security, Web application, Web service, Fault injection, WS-Security, Database, XML Signature
DocType: Conference
ISSN: 2378-3818
Citations: 1
PageRank: 0.37
References: 7
Authors: 3
Authors (Name; Order; Citations; PageRank)
M. I. P. Salas; 1; 14; 1.48
Paulo Lício de Geus; 2; 83; 13.37
Eliane Martins; 3; 85; 8.30