Worst-Input Mutation Approach to Web Services Vulnerability Testing Based on SOAP Messages |
| |
Authors: | Jinfu Chen Huanhuan Wang Dave Towey Chengying Mao Rubing Huang Yongzhao Zhan |
| |
Institution: | 1. School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China 2. the School of Computer Science, The University of Nottingham Ningbo China, Ningbo 315100,China 3. the School of Software and Communication Engineering, Jiangxi University of Finance and Economics, Nanchang 330013, China |
| |
Abstract: | The growing popularity and application of Web services have led to increased attention regarding the vulnerability of software based on these services.Vulnerability testing examines the trustworthiness and reduces the security risks of software systems.This paper proposes a worst-input mutation approach for testing Web service vulnerability based on Simple Object Access Protocol(SOAP)messages.Based on characteristics of SOAP messages,the proposed approach uses the farthest neighbor concept to guide generation of the test suite.The corresponding automatic test case generation algorithm,namely,the Test Case generation based on the Farthest Neighbor(TCFN),is also presented.The method involves partitioning the input domain into sub-domains according to the number and type of SOAP message parameters in the TCFN,selecting the candidate test case whose distance is the farthest from all executed test cases,and applying it to test the Web service.We also implement and describe a prototype Web service vulnerability testing tool.The tool was applied to the testing of Web services on the Internet.The experimental results show that the proposed approach can find more vulnerability faults than other related approaches. |
| |
Keywords: | security testing Web service vulnerability SOAP message test case generation mutation operator |
本文献已被 CNKI 维普 万方数据 等数据库收录! |
|