Worst-input mutation approach to web services vulnerability testing based on SOAP messages
The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness, and reduces the security risks of software systems, however such testing of Web services has becom...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Published: |
Tsinghua University Press
2014
|
| Subjects: | |
| Online Access: | https://eprints.nottingham.ac.uk/51840/ |
| _version_ | 1848798586636075008 |
|---|---|
| author | Chen, Jinfu Wang, Huanhuan Towey, Dave Mao, Chengying Huang, Rubing Zhan, Yongzhao |
| author_facet | Chen, Jinfu Wang, Huanhuan Towey, Dave Mao, Chengying Huang, Rubing Zhan, Yongzhao |
| author_sort | Chen, Jinfu |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness, and reduces the security risks of software systems, however such testing of Web services has become increasing challenging due to the cross-platform and heterogeneous characteristics of their deployment. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages. Based on characteristics of the SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The test case generation algorithm is presented, and a prototype Web service vulnerability testing tool described. The tool was applied to the testing of Web services on the Internet, with experimental results indicating that the proposed approach, which found more vulnerability faults than other related approaches, is both practical and effective. |
| first_indexed | 2025-11-14T20:22:08Z |
| format | Article |
| id | nottingham-51840 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T20:22:08Z |
| publishDate | 2014 |
| publisher | Tsinghua University Press |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-518402020-05-04T16:56:03Z https://eprints.nottingham.ac.uk/51840/ Worst-input mutation approach to web services vulnerability testing based on SOAP messages Chen, Jinfu Wang, Huanhuan Towey, Dave Mao, Chengying Huang, Rubing Zhan, Yongzhao The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness, and reduces the security risks of software systems, however such testing of Web services has become increasing challenging due to the cross-platform and heterogeneous characteristics of their deployment. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages. Based on characteristics of the SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The test case generation algorithm is presented, and a prototype Web service vulnerability testing tool described. The tool was applied to the testing of Web services on the Internet, with experimental results indicating that the proposed approach, which found more vulnerability faults than other related approaches, is both practical and effective. Tsinghua University Press 2014-10-13 Article PeerReviewed Chen, Jinfu, Wang, Huanhuan, Towey, Dave, Mao, Chengying, Huang, Rubing and Zhan, Yongzhao (2014) Worst-input mutation approach to web services vulnerability testing based on SOAP messages. Tsinghua Science and Technology, 19 (5). pp. 429-441. ISSN 1007-0214 Web service vulnerability; SOAP message; Test case generation; Mutation operator; Security testing https://ieeexplore.ieee.org/document/6919819/ doi:10.1109/TST.2014.6919819 doi:10.1109/TST.2014.6919819 |
| spellingShingle | Web service vulnerability; SOAP message; Test case generation; Mutation operator; Security testing Chen, Jinfu Wang, Huanhuan Towey, Dave Mao, Chengying Huang, Rubing Zhan, Yongzhao Worst-input mutation approach to web services vulnerability testing based on SOAP messages |
| title | Worst-input mutation approach to web services vulnerability testing based on SOAP messages |
| title_full | Worst-input mutation approach to web services vulnerability testing based on SOAP messages |
| title_fullStr | Worst-input mutation approach to web services vulnerability testing based on SOAP messages |
| title_full_unstemmed | Worst-input mutation approach to web services vulnerability testing based on SOAP messages |
| title_short | Worst-input mutation approach to web services vulnerability testing based on SOAP messages |
| title_sort | worst-input mutation approach to web services vulnerability testing based on soap messages |
| topic | Web service vulnerability; SOAP message; Test case generation; Mutation operator; Security testing |
| url | https://eprints.nottingham.ac.uk/51840/ https://eprints.nottingham.ac.uk/51840/ https://eprints.nottingham.ac.uk/51840/ |