Computer Science ›› 2013, Vol. 40 ›› Issue (7): 143-146.


Design and Implementation of Web Service Vulnerability Testing System Based on SOAP Messages Mutation

CHEN Jia-mei, CHEN Jin-fu, ZHAN Yong-zhao, WANG Huan-huan and LI Qing

  • Online: 2018-11-16 Published: 2018-11-16

Abstract: Automatic tools for testing Web service vulnerabilities are of great benefit to Web service-based software engineering, and they can effectively ensure the security and reliability of Web service-based software. For the widely used Web services, a prototype system, WSVTS (Web Service Vulnerability Testing System), was designed and implemented. Two mutation approaches for testing Web service vulnerability based on the input domain of SOAP messages, namely the worst-input mutation approach and the fuzz data-input mutation approach, were implemented. Based on the two approaches, two test case generation algorithms, Test Cases generation based on Farthest Neighbor (TCFN) and Fuzz Data-input Mutation Algorithm (FDMA), were also implemented. Then, the test cases generated by the algorithms were executed in the SOAP request message. Vulnerabilities of the Web services can be detected from the response message of the client.

Key words: Web service, SOAP messages, Vulnerability testing, Test cases, Mutation operators, Prototype system

