Software vulnerability analysis for Web services software systems

Proceedings - IEEE Symposium on Computers and Communications

Volumn , Issue , 2006, Pages 740-748

  Yu, Weider D ^a   Aravind, Dhanya ^a   Supthaweesuk, Passarawarin ^a  

^a SAN JOSE STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SOFTWARE; INTERACTIVE COMPUTER SYSTEMS; PATTERN RECOGNITION; RISKS; VERIFICATION;

BUSINESS ORIENTED OBJECTIVES; SOAP BASED WEB SERVICES; SOFTWARE COMPONENTS;

WEB SERVICES;

EID: 34547322724     PISSN: 15301346     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISCC.2006.151     Document Type: Conference Paper

References (18)

1. S. Anderson, J. Bohren, T. Boubez, M. Chanliau, G. Della-Libera, B. Dixon, et al.,(2004). Web Services secure conversation language (WS-Secure conversation). [Retrieved October 10, 2004 from http://msdn.microsoft.com/ library/default.asp?url=/library/en-us/dnglobspec/html/w-secureconversation.asp]
2. Microsoft Corporation (2001, December). XML Web Services basics. [Retrieved October 8, 2004, from http://msdn.microsoft.com/webservices/ understanding/webservicebasics/default.aspx?pull =/library/en-us/dnwebsrv/html/ webservbasics.asp]
3. Najmi (2002). How web applications were won. [Retrieved October 24, 2004 from http://www.techiwarehouse.com/cms/engine.php?page_id=556123d8]
4. H. H. Thompson, J. A. Whittaker (2003). How to break software security. Toronto, Sydney, Singapore, Madrid, Mexico City, Munich, Cape Town, Hong Kong, Montreal: Addison Wesley
5. United States Computer Emergency Readiness Team (2004). CERT/CC statistics 1988-2004. Retrieved October 12, 2004, from http://www.cert.org/ stats/cert_stats.html
6. World Wide Web Consortium. (2004, February 11). Web Services architecture. [Retrieved September 15, 2004 from http://www.w3.org/TR/ws-arch/]
7. M. O'Neil, Web Services Security. New York: McGraw-Hill Osborne, 2003.
8. World Wide Web Consortium. (2004, February 11). Web Services Description Language (WSDL) 1.1 - W3C Note. [Retrieved September 15, 2004, from http://www.w3.org/TR/wsdl/]
9. Open Source Vulnerability Database (2003). OSVDB statistics. [Retrieved October 15, 2004, from http://www.osvdb.com/]
10. World Wide Web Consortium. (2004, February 11). [Retrieved September 15,2004, from http://www.w3.org/TR/2003/REC-soap12-part0-20030624/]
11. Security Focus (2004, March 17). [Retrieved March 14, 2005, from http://www.securityfocus.com/infocus/1768]
12. Gartner Group. Web Services Security in 2003. [Retrieved October 10, 2004 from http://www.csoonline.com/analyst/report709.html
13. Forum Systems, Inc. Anatomy of a Web Service s At tack A guide to threats and preventative countermeasures. [Retrieved October 10, 2004 http://forumsystems.com/papers/Anatomy_of_Attack_wp.pdf]
14. Westbridge Technology, The Web Services Security Threat,The Risk, The Threats and What You Can Do About It, [Retrieved from www.westbridgetech. com]
15. J. Melbourne and D. Jorm, Penetration Testing for Web Applications. [Retrieved September 2004 from http://www.governmentsecurity. org/articles/PenetrationTestingforWebApplications.php]
16. S. Shreeraj, Web Services - Attacks & Defense strategies, methods and tools. [Retrieved from http://packetstorm.linuxsecurity.com/papers/web/ WebServices_Info_Gathering.pdf]
17. Institute for Security and Open Methodologies, Open Source Security Testing Methodology Manual, [Retrieved from http://www.isecom.org/osstmm/]
18. SPI Dynamics. Inc. SQL Injection: Are Your Web Applications Vulnerable?, [Retrieved September 15, 2004 from http://www.spydynamics.com/support/ whitepapers/WhitepaperSQLInjection.pdf]