Trustworthy Web Services based on testing

Proceedings - SOSE 2005: IEEE International Workshop on Service-Oriented System Engineering

Volumn 2005, Issue , 2005, Pages 167-177

  Yu, Weider D ^a   Supthaweesuk, Passarawarin ^a   Aravind, Dhanya ^a  

^a SAN JOSE STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

SECURITY BREACHES; SECURITY RISKS; WEB SERVICES TECHNOLOGY;

COMPUTATIONAL COMPLEXITY; COMPUTER SOFTWARE; DISTRIBUTED COMPUTER SYSTEMS; MAPPING; SECURITY OF DATA; WORLD WIDE WEB;

TELECOMMUNICATION SERVICES;

EID: 33845501871     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SOSE.2005.38     Document Type: Conference Paper

References (19)

1. Anderson, S., Bohren J., Boubez, T., Chanliau, M., Della-Libera, G., Dixon, B. et al.,(2004). Web Services secure conversation language (WS-Secure conversation). [Retrieved October 10, 2004 from http://msdn.microsoft.com/ library/default.asp?url=/library/en-us/dnglobspec/html/w-secureconversation.asp]
2. Microsoft Corporation (2001, December). XML Web Services basics. Retrieved October 8, 2004, from http://msdn.microsoft.com/webservices/ understanding/webservicebasics/default.aspx?pull=/library/en-us/dnwebsrv/html/ webservbasics.asp
3. Najmi (2002). How web applications were won. Retrieved October 24, 2004 from http://www.techiwarehouse.com/cms/engine.php?page_id=556123d8
4. Thompson, H. H., Whittaker, J. A. (2003). How to break software security. Toronto, Sydney, Singapore, Madrid, Mexico City, Munich, Cape Town, Hong Kong, Montreal: Addison Wesley
5. United States Computer Emergency Readiness Team (2004). CERT/CC statistics 1988-2004. Retrieved October 12, 2004, from http://www.cert.org/ stats/cert_stats.html
6. World Wide Web Consortium. (2004, February 11). Web Services architecture. Retrieved September 15, 2004, from http://www.w3.org/TR/ws-arch/
7. O'Neil, M. (2003). Web Services Security. New York: McGraw-Hill Osborne.
8. World Wide Web Consortium. (2004, February 11). Web Services Description Language (WSDL) 1.1 - W3C Note. Retrieved September 15, 2004, from http://www.w3.org/TR/wsdl/
9. Open Source Vulnerability Database (2003). OSVDB statistics. Retrieved October 15, 2004, from http://www.osvdb.com/
10. World Wide Web Consortium. (2004, February 11). Retrieved September 15, 2004, from http://www.w3.org/TR/2003/REC-soap12-part0-20030624/
11. Security Focus (2004, March 17). Retrieved March 14, 2005, from http://www.securityfocus.com/infocus/1768
12. Gartner Group. Web Services Security in 2003[Retrieved October 10, 2004 from http://www.csoonline.com/analyst/report709.html
13. Forum Systems, Inc. Anatomy of a Web Services At tack A guide to threats and preventative countermeasures, [Retrieved October 10, 2004 http://forumsystems.com/papers/Anatomy_of_Attack_wp.pdf]
14. Westbridge Technology, The Web Services Security Threat, The Risk, The Threats and What You Can Do Aboutit, [Retrieved from www.westbridgetech.com]
15. Jody Melbourne and David Jorm, Penetration Testing for Web Applications. [Retrieved September 2004 from http://www.governmentsecurity.org/articles/ PenetrationTestingforWebApplications.php]
16. Shreeraj Shah, Web Services - Attacks & Defense strategies, methods and tools. [Retrieved from http://packetstorm.linuxsecurity.com/papers/web/ WebServices_Info_Gathering.pdf]
17. Institute for Security and Open Methodologies, Open Source Security Testing Methodology Manual, [Retrieved from http://www.isecom.org/osstmm/]
18. SPI Dynamics. Inc. SQL Injection: Are Your Web Applications Vulnerable?, [Retrieved September 15, 2004 from http://www.spydynamics.com/support/ whitepapers/WhitepaperSQLInjection.pdf]
19. WinterGreen Research, Inc. Web Services Market Opportunities, Strategies, and Forecasts, 2004 to 2009. [Retrieved April 8, 2005 from http://www. mindbranch.com/products/R49-195.html]