Automation of Detection of Security Vulnerabilities in Web Services using Dynamic Analysis

被引:0
|
作者
Kumar, Rahul [1 ]
Indraveni, K. [1 ]
Goel, Aakash Kumar [1 ]
机构
[1] CDAC, Hyderabad, Andhra Pradesh, India
来源
2014 9TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST) | 2014年
关键词
Security; Web Service; Testing; Attack; Vulnerability; WSDL; XML; Payload; Dynamic Analysis; Enumeration; Automation; SOAP Request; Response;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
The usage of XML in maintaining data over the web communications has lead to new ways of exploitation which are dangerous for the data integrity yet can be remediated on the basis of the vulnerability classification. The approach is reserved for the research scope of unchangeable dynamic vulnerabilities with the help of WSDL Enumeration and automation script for detection of the vulnerabilities on analysis of the SOAP Request and Response saved in XML Format with different payloads.
引用
收藏
页码:334 / 336
页数:3
相关论文
共 50 条
  • [1] Using Web Security Scanners to Detect Vulnerabilities in Web Services
    Vieira, Marco
    Antunes, Nuno
    Madeira, Henrique
    [J]. 2009 IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS & NETWORKS (DSN 2009), 2009, : 566 - 571
  • [2] Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security
    Salas, M. I. P.
    Martins, E.
    [J]. ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2014, 302 : 133 - 154
  • [3] Web services and grid security vulnerabilities and threats analysis and model.
    Demchenko, Y
    Gommans, L
    de Laat, C
    Oudenaarde, B
    [J]. 2005 6th International Workshop on Grid Computing (GRID), 2005, : 262 - 267
  • [4] Automation of System Security Vulnerabilities Detection Using Open-Source Software
    Seara, Joao Pedro
    Serrao, Carlos
    [J]. ELECTRONICS, 2024, 13 (05)
  • [5] A Synergy between Static and Dynamic Analysis for the Detection of Software Security Vulnerabilities
    Hanna, Aiman
    Ling, Hai Zhou
    Yang, XiaoChun
    Debbabi, Mourad
    [J]. ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS: OTM 2009, PT 2, 2009, 5871 : 815 - 832
  • [6] Analysis of Field Data on Web Security Vulnerabilities
    Fonseca, Jose
    Seixas, Nuno
    Vieira, Marco
    Madeira, Henrique
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2014, 11 (02) : 89 - 100
  • [7] On the Detection and Analysis of Software Security Vulnerabilities
    Wijesiriwardana, Chaman
    Wimalaratne, Prasad
    [J]. 2017 IEEE INTERNATIONAL CONFERENCE ON IOT AND ITS APPLICATIONS (IEEE ICIOT), 2017,
  • [8] A New Framework of Security Vulnerabilities Detection in PHP Web Application
    Zhao, Jingling
    Gong, Rulin
    [J]. 2015 9TH INTERNATIONAL CONFERENCE ON INNOVATIVE MOBILE AND INTERNET SERVICES IN UBIQUITOUS COMPUTING IMIS 2015, 2015, : 271 - 276
  • [9] A Taxonomy of Web Security Vulnerabilities
    Al-Kahla, Wafaa
    Shatnawi, Ahmed S.
    Taqieddin, Eyad
    [J]. 2021 12TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION SYSTEMS (ICICS), 2021, : 424 - 429
  • [10] Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services
    Antunes, Nuno
    Laranjeiro, Nuno
    Vieira, Marco
    Madeira, Henrique
    [J]. 2009 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, 2009, : 260 - 267
12345