ISSN ONLINE(2320-9801) PRINT (2320-9798)
SoapUI and Soap Sonar Testing Tool Using Vulnerability Detection of Web Service
Web Services are modular software applications that can be described, published, located, and invoked across a network, such as the World Wide Web .Web services provide a simple interface between a provider and a consumer and are supported by a complex software infrastructure which is typically includes in the applications to server, the operating system and a set of external systems. In this technology is susceptible to the Cross-site Scripting (XSS) attack is takes advantage to existing vulnerabilities. In the proposed approach is using two Security Testing techniques they are Penetration Testing and Fault Injection, which emulate the XSS attack against to Web Services. This technology, combined with WSSecurity (WSS) and Security Tokens can identify their sender and to guarantee the legitimate access control to the SOAP messages are exchanged. So we use the vulnerability scanner soapUI that is one of the most recognized tools of Penetration Testing. In another way WSInject is a new fault injection tool can introduces faults in Web Services to analyze the behavior in an environment not in their robust. Therefore results shows their use of WSInject is comparison to soapUI can improve the detection in the vulnerability allows to emulate XSS attack and generates new types of them.
Ramakrishnan.R , Anbarasi.J, Kavitha.V
To read the full article Download Full Article | Visit Full Article