Infiltrate Testing Tool for Web Services Security

Apply

Infiltrate Testing Tool for Web Services Security

Journal Title: International Journal of Research in Computer and Communication Technology - Year 2013, Vol 2, Issue 7

Abstract

For distributed computing solutions Web Services are widely used. Web Services technology is used to integrate existing homogenous or heterogeneous enterprise applications. It can also be used to build inter-operable components that can be reused by many applications irrespective of the platforms in which they are built. Service Oriented Architecture (SOA) is being used for such distributed applications. This architecture enables integration of many services and allows access through a single interface. As this technology is widely used many extension specifications came into existences which were developed by W3C. This has caused the rise in attacks on web services applications. The attacks include denial of service attacks to various other attacks that break security of the systems. Web application developers generally test their applications for security using penetration testing tools. However, for applications built using Web Services technology no such penetration testing tools are available. Mainka et al. developed a penetration testing tool by name WSAttacker which is plug-in based. They have implemented only two plugins namely SOAPAction Spoofing and WS-Address Spoofing. In this paper we improve the tool by implementing plugins for two more attacks namely Oversize Payload Attack, Oversized Encryption Attack. The WSAttacker is meant for testing web services applications for security. The empirical results revealed that the proposed plugins are effective and they could enhance the use of the tool.

Authors and Affiliations

Shaik Kabeer, Anjini Prasad S, Venkatesh D

Keywords

Web Services security attacks SOAP UDDI WSDL penetration testing tool

EP ID EP27607
DOI -
Views 353
Downloads 3