Please use this identifier to cite or link to this item:
Type: Artigo de periódico
Title: A Black-box Approach To Detect Vulnerabilities In Web Services Using Penetration Testing
Author: Salas
M. I. P.; Martins
Abstract: Web services work over dynamic connections among distributed systems. This technology was specifically designed to easily pass SOAP message through firewalls using open ports. These benefits involve a number of security challenges, such as Injection Attacks, phishing, Denial-of-Services (DoS) attacks, and so on. The difficulty to detect vulnerabilities -before they are exploited- encourages developers to use security testing like penetration testing to reduce the potential attacks. Given a black-box approach, this research use the penetration testing to emulate a series of attacks, such as Cross-site Scripting (XSS), Fuzzing Scan, Invalid Types, Malformed XML, SQL Injection, XPath Injection and XML Bomb. In this way, was used the soapUI vulnerability scanner in order to emulate these attacks and insert malicious scripts in the requests of the web services tested. Furthermore, was developed a set of rules to analyze the responses in order to reduce false positives and negatives. The results suggest that 97.1% of web services have at least one vulnerability of these attacks. We also determined a ranking of these attacks against web services.
Subject: Computer Science, Information Systems
Engineering, Electrical & Electronic
Citation: A Black-box Approach To Detect Vulnerabilities In Web Services Using Penetration Testing. Ieee-inst Electrical Electronics Engineers Inc, v. 13, p. 707-712 MAR-2015.
Rights: fechado
Identifier DOI: 
Date Issue: 2015
Appears in Collections:Unicamp - Artigos e Outros Documentos

Files in This Item:
File SizeFormat 
wos_000352090200021.pdf467.49 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.