Testing in Service-Oriented Environments

Abstract:In the banking domain, a high level of security must be considered and achieved to prevent a core-banking system from vulnerabilities and attackers. This is especially true when implementing Service Oriented Architecture Middleware (SOAM), which enables all banking e-services to be connected in a unified way and then allows banking e-services to transmit and share information using simple Object Access Protocol (SOAP). The main challenge in this research is that SOAP is designed without security in mind and there are no security testing tools that guarantee a secure SOAM solution in all its layers. Thus, this paper studies and analyzes the importance of implementing secure banking SOAM design architecture and of having an automated security testing framework. Therefore, Secure SOAM (SSOAM) is proposed, which works in parallel with the banking production environment. SSOAM contains a group of integrated security plugins that are responsible for scanning, finding, analyzing and fixing vulnerabilities and also forecasting new vulnerabilities and attacks in all banking SOAM layers.

show abstract

“…Web Service Attacker was proposed by Morris et al (2010). This tool is used for penetration tests for XML based web services.…”

Section: Ws Attackermentioning

confidence: 99%

SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain

Al-Fayoumi¹,

Hamad²,

Al-Saraireh³

2018

Journal of Computer Science

View full text Add to dashboard Cite

show abstract

“…Due to the complexity of Cloud ecosystems, testing can involve a number of functional and nonfunctional attributes, which can influence the performance of the services when they go live. Morris et al (2010) has highlights various attributes that need to be tested such as functional behaviour of basic operations, and non-functional attributes such as availability of the service during different times of the day.…”

Section: Testing Functional and Non-functional Requirementsmentioning

confidence: 99%

“…• Testing Semantic Behaviour: A web service can be tested in conformance with key standards like validating a service interface using WSDL. Web service authentication is verified using WS-Security, WS-Digest and non-proprietary web services specification such as SOAP, WSDL and UDDI (Morris et al, 2010). Validating the service binding and messaging in conformance with SOAP protocol over HTTP involves checking request-response message pattern, response message exchange pattern, action feature and the bindings.…”

Section: Testing Functional and Non-functional Requirementsmentioning

confidence: 99%

Testing Software Services in Cloud Ecosystems

Kiran

Simons

2016

International Journal of Cloud Applications and Computing

View full text Add to dashboard Cite

Testing in the Cloud is far more challenging than testing individual software services. A multitude of factors affect testing, including variations across platforms and infrastructure. Architectural issues include differences between private, public Clouds, multi-Clouds and Cloud-bursting. Platform issues include cross-vendor incompatibility, and diverse locales of service deployment and consumption. Software issues include integration with third-party services, the desire to validate competing service offerings to similar standards and need to re-validate services at different stages of service lifecycle. A complete approach to testing whole Cloud ecosystems should involve all relevant stakeholders, such as service provider, consumer and broker. When testing Clouds, the methodologies used should not hinder the advantages Cloud usage brings to the users or programmers and more importantly be simple and cost effective. However, these testing methodologies differ according to the various kinds of Cloud ecosystems and the different user perspectives of the actors involved such as the end-user, the infrastructures, or the different software (i.e. web services). This paper also studies the state-of-the-art in Cloud testing where most research focuses predominantly on web services, functional testing and quality-of-service, usually being considered separately. The authors suggest a framework, Quality-as-a-Service (QaaS) which integrates quality issues such as functional behaviour and performance monitoring with lifecycle governance and security of the service. This paper maps out the themes in the contemporary research literature and links them with the service lifecycle process for validating future Cloud services. Along the way, the authors identify important research questions that the future Cloud service testing agenda should seek to address.

show abstract