Penetration Testing Tool for Web Services Security

Mainka, Christian; Somorovsky, Juraj; Schwenk, Jörg

doi:10.1109/services.2012.7

Cited by 48 publications

(25 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The presented final results have been proved that WS-attacker can protect web services from SOAPAction, WS-Addressing spoofing, XML rewriting attacks and others refer to Table 1 (Hariharan and Babu, 2014;Mainka et al, 2012).…”

Section: [A] Ws-attackermentioning

confidence: 64%

“…This plugin focuses on the individual business process by analyzing the Web Service Description Language (WSDL) file. The main weakness in this plugin, which the author did not consider is that the orchestrated services, located in business process execution language (BPEL) component, could not prevent XML interpreting tags and replay attacks (Hariharan and Babu, 2014;Mainka et al, 2012).…”

Section: Ws Attackermentioning

confidence: 99%

“…SOAP is the heart of web services schema, while web services are loosely coupled software components and standard methods for connecting web-based applications such as internet banking to the core-banking system by using XML, SOAP, WSDL and Universal Description, Discovery and Integration (UDDI) over Internet protocol backbone (Mainka et al, 2012):…”

Section: Simple Object Access Protocol (Soap) [D]mentioning

confidence: 99%

“…• Send a service request from a requestor to the registry • Send information from the registry to the requestor; • Allow the requestor to bind to the service provider and run the web service (Mainka et al, 2012;Al-Jaroodi and Al-Dhaheri, 2011;Bhargavan et al, 2007) It is important to mention that SOAP is essential for all web services and communication between banking eservices (Hariharan and Babu, 2014;Lux et al, 2005;Keen et al, 2017).…”

Section: Simple Object Access Protocol (Soap) [D]mentioning

confidence: 99%

See 3 more Smart Citations

SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain

Al-Fayoumi¹,

Hamad²,

Al-Saraireh³

2018

Journal of Computer Science

View full text Add to dashboard Cite

Abstract:In the banking domain, a high level of security must be considered and achieved to prevent a core-banking system from vulnerabilities and attackers. This is especially true when implementing Service Oriented Architecture Middleware (SOAM), which enables all banking e-services to be connected in a unified way and then allows banking e-services to transmit and share information using simple Object Access Protocol (SOAP). The main challenge in this research is that SOAP is designed without security in mind and there are no security testing tools that guarantee a secure SOAM solution in all its layers. Thus, this paper studies and analyzes the importance of implementing secure banking SOAM design architecture and of having an automated security testing framework. Therefore, Secure SOAM (SSOAM) is proposed, which works in parallel with the banking production environment. SSOAM contains a group of integrated security plugins that are responsible for scanning, finding, analyzing and fixing vulnerabilities and also forecasting new vulnerabilities and attacks in all banking SOAM layers.

show abstract

Section: [A] Ws-attackermentioning

confidence: 64%

Section: Ws Attackermentioning

confidence: 99%

Section: Simple Object Access Protocol (Soap) [D]mentioning

confidence: 99%

Section: Simple Object Access Protocol (Soap) [D]mentioning

confidence: 99%

See 2 more Smart Citations

SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain

Al-Fayoumi¹,

Hamad²,

Al-Saraireh³

2018

Journal of Computer Science

View full text Add to dashboard Cite

show abstract

“…The SQL injection is the well-known attack [10] against the web programs, has become a serious protection risk..The traditional techniques are insufficient to analyse the SQL injection weak points in the web programs. In comparison to the well-known attacks as SQL injection or XSS, transmission analysing sources for the web services specific attacks do not exist.…”

Section: Litrature Reviewmentioning

confidence: 99%

Evaluating the Security Flaws in Web Applications

Kaur¹,

Kaur²

2015

IJCA

View full text Add to dashboard Cite

Web security is an important area of research. This work has focused on web securing schemes. The primary concentration is to interpret the way to handle the SQL Injections. It is one of the many web attack methods used by hackers to steal data from industries. It is one of the most usual technique used in present era for application layer attack It is the category of attack that takes the benefit of. Improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. So in this work we have reviewed different research on the SQL injections.

show abstract

A survey and taxonomy of DoS attacks in cloud computing

Màsdàrí

Jalali

2016

Security Comm. Networks

View full text Add to dashboard Cite

Denial‐of‐service (DoS) attacks are one of the major security challenges in the emerging cloud computing models. Currently, numerous types of DoS attacks are conducted against the various cloud services and resources, which target their availability, service level agreements, and performance. This paper presents an in‐depth study of the various types of the DoS attacks proposed for the cloud computing environment and classifies them based on the cloud components or services, which they target. Besides, it provides a comprehensive analysis of the vulnerabilities utilized in these DoS attacks and investigates about the state‐of‐the‐art solutions presented in the literature to prevent, detect, or deal with each kind of DoS attacks in the cloud. Finally, it presents open research issues. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Penetration Testing Tool for Web Services Security

Cited by 48 publications

References 8 publications

SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain

SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain

Evaluating the Security Flaws in Web Applications

A survey and taxonomy of DoS attacks in cloud computing

Contact Info

Product

Resources

About