Trustworthy Web services based on testing

Abstract

The Web services technology allows software components independently developed in disparate platforms to communicate in a seamless manner. They constitute a loosely coupled, distributed system that is highly scalable. But, they also inherit the vulnerabilities of such systems. As Web services increase in complexity and connectivity, the associated security risks also increase exponentially. Many of the security breaches can be traced back to poor testing. In this paper, research on security vulnerabilities in SOAP based Web services is presented. The security context of traditional Web applications is compared to that of Web services. An attempt is made to map common attack patterns to security testing requirements with regard to Web services.