Journal Articles 2020(2 publications) [publication]Casaleiro, R. and Paulo Silva and Simões, P. and Boavida, F. and Edmundo Monteiro and Marilia Curado and Tiago Cruz and Nuno Antunes and Marco Vieira and Riccio, G.M. and Verzillo, M.P. and Marek, P. and Goncalves, L. and Bagnato, A. and Valentini, A. and Intonti, B. and Manzo, R. and Posta, V.D. and Zampolini, L. and Rooij, J.v. and Houf, R. and Rios, E. and Iturbe, E. and Gutierrez, I. and Anguita, S. and Gomez, C. and Echevarria, J. and Houf, H. and Nicoletti, L. and Lotti, R. and Natale, D. and Pizzo, L.d. and Pane, F. and Schiavo, F. , "Protection and control of personal identifiable information: The PoSeID-on approach", Journal of Data Protection & Privacy, vol. 3, 2020 [publication]Paulo Silva and Casaleiro, R. and Simões, P. and Nuno Antunes and Marilia Curado and Edmundo Monteiro , "Risk Management and Privacy Violation Detection in the PoSeID-on Data Privacy Platform", SN Computer Science, vol. 1, 2020 2019(2 publications) [publication]Alic, A.S. and Almeida, J. and Aloisio, G. and Andrade, N. and Nuno Antunes and Ardagna, D. and Badia, R.M. and Basso, T. and Blanquer, I. and Braz, T. and Brito, A. and Elia, D. and Fiore, S. and Guedes, D. and Lattuada, M. and Lezzi, D. and Maciel, M. and Jr, W.M. and Mestre, D. and Moraes, R. and Morais, F. and Pires, C.E. and Kozievitchi, N.P. and Santos, W.d. and Paulo Silva and Marco Vieira , "BIGSEA: A Big Data analytics platform for public transportation information", Future Generation Computer Systems, 2019 [publication]Braga, A.M. and Dahab, R. and Nuno Antunes and Laranjeiro, N. and Marco Vieira , "Understanding How to Use Static Analysis Tools for Detecting Cryptography Misuse in Software", IEEE Transactions on Reliability, 2019 2018(1 publication) [publication]Paulo Silva and Basso, T. and Nuno Antunes and Moraes, R. and Marco Vieira and Simões, P. and Edmundo Monteiro , "A Europe-Brazil Context for Secure Data Analytics in the Cloud", IEEE Security & Privacy, vol. 16, pp. 52-60, 2018 2016(1 publication) [publication]Nuno Antunes and Marco Vieira , "Designing vulnerability testing tools for web services: approach, components, and tools", International Journal of Information Security, pp. 1-23, 2016 2015(1 publication) [publication]Nuno Antunes and Marco Vieira , "Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples", IEEE Transactions on Services Computing, 2015 [citation][year=2016]V. Chang, Y.-H. Kuo, and M. Ramachandran, “Cloud computing adoption framework: A security framework for business clouds,” Future Generation Computer Systems, vol. 57, pp. 24–41, 2016. [citation][year=2015]Y. Wu, F. He, D. Zhang, and X. Li, “Service-Oriented Feature-Based Data Exchange for Cloud-Based Design and Manufacturing,” IEEE Transactions on Services Computing, pp. 1–1, 2015. 2014(1 publication) [publication]Nuno Antunes and Marco Vieira , "Penetration Testing for Web Services", IEEE Computer, vol. 47, pp. 30-36, 2014 [citation][year=2015]T. Aghariya, “Security Testing on Web Application,” MSc Thesis, Charles Darwin University, Darwin, 2015. [citation][year=2015]T. Fertig and P. Braun, “Model-driven Testing of RESTful APIs,” in Proceedings of the 24th International Conference on World Wide Web Companion, Republic and Canton of Geneva, Switzerland, 2015, pp. 1497–1502. [citation][year=2014]C. T. Phong and W. Q. Yan, “An Overview of Penetration Testing,” International Journal of Digital Crime and Forensics (IJDCF), vol. 6, no. 4, pp. 50–74, 2014. [citation][year=2014]T. P. Chiem, “A study of penetration testing tools and approaches,” MSc Thesis, Auckland University of Technology, Auckland, New Zealand, 2014. [citation][year=2014]I. Mukhopadhyay, “Web Penetration Testing using Nessus and Metasploit Tool,” IOSR Journal of Computer Engineering (IOSR-JCE), vol. 16, no. 3, pp. 126–129, 2014. 2012(1 publication) [publication]Nuno Antunes and Marco Vieira , "Defending against Web Application Vulnerabilities", Computer, vol. 45, pp. 66-72, 2012 [citation][year=2015]W. Zhenhui, W. Zhenduo, X. Yingbai, and Z. Kanmai, “Research And Design Of Xml-Based Web Database Security Middleware,” Computer Applications and Software, vol. 32, no. 8, pp. 38–42, 2015. [citation][year=2015]R. Jourmand and S. E. Alavi, “Detection of Anomalous users in Web Applications using Fuzzy Logic,” International Journal of Research and Review, vol. 2, no. 7, 2015. [citation][year=2015]S. Kak, “Security basics for web application developers,” International Journal of Information Technology & Computer Sciences Perspectives, vol. 4, no. 1, 2015. [citation][year=2015]D. Gol and N. Shah, “Web Application security tool to identify the different Vulnerabilities using RUP model.” [citation][year=2015]A. K. Shrestha, P. S. Maharjan, and S. Paudel, “Identification and Illustration of Insecure Direct Object References and their Countermeasures,” International Journal of Computer Applications, vol. 114, no. 18, 2015. [citation][year=2014]A.-S. K. Pathan and D. A. Kindy, “Lethality of SQL injection against current and future internet technologies,” International Journal of Computational Science and Engineering, vol. 9, no. 4, pp. 386–394, 2014. [citation][year=2014]A. Thankachan, R. Ramakrishnan, and M. Kalaiarasi, “A survey and vital analysis of various state of the art solutions for web application security,” in 2014 International Conference on Information Communication and Embedded Systems (ICICES), 2014, pp. 1–9. [citation][year=2014]A. Patil, R. Pandit, and S. Patel, “Implementation of security framework for multiple web applications,” in 2014 International Conference on Computer Communication and Informatics (ICCCI), 2014, pp. 1–7. [citation][year=2014]W. He, A. Kshirsagar, A. Nwala, and Y. Li, “Teaching Information Security with Workflow Technology–A Case Study Approach,” Journal of Information Systems Education, vol. 25, no. 3, p. 201, 2014. [citation][year=2014]C. T. Phong and W. Q. Yan, “An Overview of Penetration Testing,” International Journal of Digital Crime and Forensics (IJDCF), vol. 6, no. 4, pp. 50–74, 2014. [citation][year=2014]M. Kumar, “Security Issues and Privacy Concerns in the Implementation of Wireless Body Area Network,” in 2014 International Conference on Information Technology (ICIT), 2014, pp. 58–62. [citation][year=2014]A. AIT OUAHMAN, “SECURITY AND PRIVACY ISSUES IN CLOUD COMPUTING,” Journal of Defense Resources Management (JoDRM), no. 02, pp. 99–108, 2014. [citation][year=2014]T. P. Chiem, “A study of penetration testing tools and approaches,” MSc Thesis, Auckland University of Technology, Auckland, New Zealand, 2014. [citation][year=2014]S. George, “An Imperative Analysis of diverse State of Art Solutions for Internet and Web Application Security,” presented at the International conference on Computer Science and Information Systems (ICSIS’2014), Dubai, 2014. [citation][year=2014]D. G. Kumar and M. Chatterjee, “Detection Block Model for SQL Injection Attacks,” International Journal of Computer Network and Information Security(IJCNIS), vol. 6, no. 11, pp. 56–63, 2014. [citation][year=2014]P. D. Buck, Q. Shi, and B. Zhou, “Monitoring and Testing Web Services,” in The 15th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting (PGNET 2014), Liverpool, UK, 2014. [citation][year=2014]K. A. Varunkumar, M. Prabakaran, A. Kaurav, S. S. Chakkaravarthy, S. Thiyagarajan, and P. Venkatesh, “Various Database Attacks and its Prevention Techniques.” [citation][year=2014]R. B. Kalaati and B. J. Chelliah, “SQL Injection: Attacking & Prevention Techniques,” International Journal of Innovative Research and Development, 2014. [citation][year=2014]I. M. Khalil, A. Khreishah, and M. Azeem, “Cloud Computing Security: A Survey,” Computers, vol. 3, no. 1, pp. 1–35, Feb. 2014. [citation][year=2013]A. Razzaq, K. Latif, H. F. Ahmad, A. Hur, Z. Anwar, and P. C. Bloodsworth, “Semantic security against web application attacks,” Information Sciences, Aug. 2013. [citation][year=2013]H. Shahriar, S. North, and W.-C. Chen, “EARLY DETECTION OF SQL INJECTION ATTACKS,” International Journal of Network Security & Its Applications (IJNSA), vol. 5, no. 4, pp. 53–65, Jul. 2013. [citation][year=2013]H. Shahriar, S. North, and W.-C. Chen, “Client-Side Detection of SQL Injection Attack,” in Advanced Information Systems Engineering Workshops, 2013, pp. 512–517. [citation][year=2013]Y. Hongyu, B. In, and X. Lixia, “Three-dimensional spherical model based XML communication protocols security evaluation method,” Journal on Communications, vol. 34, no. 3, pp. 183–191, 2013. [citation][year=2013]M. H. Abd. Rahim, “Information security management metrics in web application,” MSc Thesis, Universiti Teknologi Malaysia, Faculty of Computing, Malaysia, 2013. [citation][year=2013]A. Sadeghian, M. zamani, and S. Ibrahim, “SQL Injection Is Still Alive: A Study on SQL Injection Signature Evasion Techniques,” in 2013 International Conference on Informatics and Creative Multimedia (ICICM), 2013, pp. 265–268. [citation][year=2012]M. S. Parate and M. S. M. Nirkhi, “A Review of Network Forensics Techniques for the Analysis of Web Based Attack,” International Journal of Advanced Computer Research, vol. 2, no. 6, pp. 114–119, Dec. 2012. [citation][year=2012]H. Shahriar and M. Zulkernine, “Information-Theoretic Detection of SQL Injection Attacks,” in 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE), Omaha, NE, USA, 2012, pp. 40 –47. [citation][year=2012]T. Dehling and A. Sunyaev, “Information Security of Patient-Centred Services Utilising the German Nationwide Health Information Technology Infrastructure,” in 3rd USENIX Workshop on Heath Security and Privacy (HealthSec ’12), Bellevue, WA, 2012. [citation][year=2012]K. S. Han, T. Kim, K. Y. Han, J. M. Lim, and C. Pyo, “An Improvement of the Guideline of Secure Software Development for Korea E-Government,” Journal of the Korea Institute of Information Security and Cryptology, vol. 22, no. 5, pp. 1179–1189, 2012. Conference Articles 2020(3 publications) [publication]Paulo Silva and Godinho, C. and Gonçalves, C. and Nuno Antunes and Marilia Curado , "Using Natural Language Processing to Detect Privacy Violations in Online Contracts", in The 35th ACM/SIGAPP Symposium on AppliedComputing (SAC ’20), 2020 [publication]Casaleiro, R. and Paulo Silva and Simões, P. and Nuno Antunes and Marilia Curado and Edmundo Monteiro and Boavida, F. , "Gestão e Análise de Riscos na Plataforma de Proteção de Dados Pessoais Poseidon", in 9º Congresso Luso-Moçambicano de Engenharia, 2020 [publication]Naghmeh Ivaki and Nuno Antunes , "SIDE: Security-aware Integrated Development Environment", in The 31st International Symposium on Software Reliability Engineering (ISSRE 2020), 2020 2019(3 publications) [publication]Cardoso, W. and Martins, E. and Laranjeiro, N. and Nuno Antunes , "Combining State and Interface -Based Robustness Testing for OpenStack Components", in 9th Latin-American Symposium on Dependable Computing (LADC 2019), 2019 [publication]Valentim, I. and Lourenço, Nuno and Nuno Antunes , "The Impact of Data Preparation on the Fairness of Software Systems", in International Symposium on Software Reliability Engineering (ISSRE 2019), 2019 [publication]José Flora and Nuno Antunes , "Studying the Applicability of Intrusion Detection to Multi-Tenant Container Environments", in 2019 15th European Dependable Computing Conference (EDCC), 2019 2018(1 publication) [publication]Alic, A.S. and Almeida, J. and Jr, W.M. and Guedes, D. and Santos, W.d. and Blanquer, I. and Fiore, S. and Kozievitchi, N.P. and Andrade, N. and Braz, T. and Brito, A. and Pires, C.E. and Nuno Antunes and Marco Vieira and Paulo Silva and Ardagna, D. and Fonseca, K. and Lezzi, D. and Elia, D. and Moraes, R. and Basso, T. and Cavassin, W.H. , "GIS and Data: Three applications to enhance Mobility", in GeoInfo 2018, 2018 2017(2 publications) [publication]Ivano Alessandro Elia and Nuno Antunes and Laranjeiro, N. and Marco Vieira , "An Analysis of OpenStack Vulnerabilities", in 13th European Dependable Computing Conference (EDCC), 2017 [publication]Braga, A.M. and Dahab, R. and Nuno Antunes and Laranjeiro, N. and Marco Vieira , "Practical Evaluation of Static Code Analysis Tools for Cryptography: Benchmarking Method and Case Study", in The IEEE 28th International Symposium on Software Reliability Engineering (ISSRE 2017), 2017 2016(4 publications) [publication]Milenkoski, A. and Jayaram, K.R. and Nuno Antunes and Marco Vieira and Kounev, S. , "Quantifying the Attack Detection Accuracy of Intrusion Detection Systems in Virtualized Environments", in International Symposium on Software Reliability Engineering (ISSRE) , 2016 [publication]Luís Ventura and Nuno Antunes , "Experimental Assessment of NoSQL Databases Dependability", in European Dependable Computing Conference (EDCC2016), 2016 [publication]Alves, H. and Fonseca, B. and Nuno Antunes , "Software Metrics and Security Vulnerabilities: Dataset and Exploratory Study", in 12th European Dependable Computing Conference (EDCC), 2016, 2016 [publication]Matsunaga, A.P.S. and Nuno Antunes and Moraes, R. , "Coverage Metrics and Detection of Injection Vulnerabilities: An Experimental Study", in 12th European Dependable Computing Conference (EDCC), 2016, 2016 2015(3 publications) [publication]Milenkoski, A. and Payne, B.D. and Nuno Antunes and Marco Vieira and Kounev, S. and Avritzer, A. and Luft, M. , "Evaluation of Intrusion Detection Systems in Virtualized Environments Using Attack Injection", in 18th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2015, 2015 [publication]Nuno Antunes and Marco Vieira , "On the Metrics for Benchmarking Vulnerability Detection Tools", in Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, 2015 [publication]Carvalho, D. and Nuno Antunes and Milenkoski, A. and Kounev, S. , "Challenges of Assessing the Hypercall Interface Robustness (fast abstract)", in 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015, 2015 2014(4 publications) [publication]Areias, C. and Nuno Antunes and Cunha, J.C. , "On Applying FMEA to SOAs: A Proposal and Open Challenges", in 6th International Workshop on Software Engineering for Resilient Systems (SERENE'14), 2014 [citation][year=2017]Dal Lago, Loris. "Dependability Assessment of SOA-based Cyber-Physical Systems with Contracts and Model-Based Fault Injection." (2017). [publication]Milenkoski, A. and Payne, B.D. and Nuno Antunes and Marco Vieira and Kounev, S. , "An Analysis of Hypercall Handler Vulnerabilities ", in 2014 IEEE 25th International Symposium on Software Reliability Engineering (ISSRE), 2014 [citation][year=2015]R. J. Masti, C. Marforio, K. Kostiainen, C. Soriente, and S. Capkun, “Logical Partitions on Many-Core Platforms,” in Proceedings of the 31st Annual Computer Security Applications Conference, New York, NY, USA, 2015, pp. 451–460. [publication]Duchi, F. and Nuno Antunes and Ceccarelli, A. and Vella, G. and Rossi, F. and Bondavalli, A. , "Cost-Effective Testing for Critical Off-The-Shelf Services", in Workshop Paper, 1st International Workshop on DEvelopment, Verification and VAlidation of cRiTical Systems (DEVVARTS2014), 2014 [publication]Basso, T. and Piardi, L. and Moraes, R. and Jino, M. and Nuno Antunes and Marco Vieira , "A Framework for Expressing and Enforcing Purpose-Based Privacy Policies", in XVI Workshop de Testes e Tolerância a Falhas, WTF 2015, 2014 2013(5 publications) [publication]Nuno Antunes and Marco Vieira , "SOA-Scanner: An Integrated Tool to Detect Vulnerabilities in Service-Based Infrastructures", in 10th IEEE International Conference on Services Computing (SCC 2013), 2013 [citation][year=2015]J. Thome, L. K. Shar, and L. Briand, “Security Slicing for Auditing XML, XPath, and SQL Injection Vulnerabilities,” in 26th IEEE International Symposium on Software Reliability Engineering, Washington, D.C., 2015. [citation][year=2015]M.-A. Laverdiere, B. J. Berger, and E. Merloz, “Taint analysis of manual service compositions using Cross-Application Call Graphs,” in 2015 IEEE 22nd International Conference on Software Analysis, Evolution and Reengineering (SANER), 2015, pp. 585–589. [publication]Areias, C. and Nuno Antunes and Cunha, J.C. and Marco Vieira , "Towards Runtime V&V for Service Oriented Architectures", in Sixth Latin-American Symposium on Dependable Computing, 2013 [publication]Basso, T. and Nuno Antunes and Moraes, R. and Marco Vieira , "An XML-based Policy Model for Access Control in Web Applications", in 24th International Conference on Database and Expert Systems Applications (DEXA '13), 2013 [publication]Nuno Antunes and Brancati, F. and Ceccarelli, A. and Bondavalli, A. and Marco Vieira , "A Monitoring and Testing Framework for Critical Off-The-Shelf Applications and Services", in 3rd IEEE International Workshop on Software Certification (WoSoCer2013) co-located with the 24rd IEEE International Symposium on Software Reliability Engineering (ISSRE 2013), 2013 [publication]Milenkoski, A. and Payne, B.D. and Nuno Antunes and Marco Vieira and Kounev, S. , "HInjector: Injecting Hypercall Attacks for Evaluating VMI-based Intrusion Detection Systems", in Poster Paper, The 2013 Annual Computer Security Applications Conference (ACSAC 2013), 2013 [citation][year=2015]M. A. Hakamian and A. M. Rahmani, “Evaluation of isolation in virtual machine environments encounter in effective attacks against memory,” Security Comm. Networks, vol. 8, no. 18, pp. 4396–4406, 2015. 2012(2 publications) [publication]Nuno Antunes and Marco Vieira , "Evaluating and Improving Penetration Testing in WebServices", in 23rd IEEE International Symposium on Software Reliability Engineering (ISSRE 2012), 2012 [citation][year=2015]S. Karumanchi and A. Squicciarini, “A Large Scale Study of Web Service Vulnerabilities,” Journal of Internet Services and Information Security (JISIS), vol. 5, no. 1, pp. 53–69, 2015. [citation][year=2014]J. Upadhyaya, N. Panda, and A. A. Acharya, “Attack Generation and Vulnerability Discovery in Penetration Testing using Sql Injection,” 2014. [citation][year=2014]S. Karumanchi and A. C. Squicciarini, “In the Wild: a Large Scale Study of Web Services Vulnerabilities,” presented at the 29th Symposium On Applied Computing, Gyeongju, Republic of Korea, 2014. [publication]Nuno Antunes and Marco Vieira , "Detecting Vulnerabilities in Service Oriented Architectures", in IEEE 23rd International Symposium on Software Reliability Engineering – Student Forum (ISSRE 2012), 2012 2011(1 publication) [publication]Nuno Antunes and Marco Vieira , "Enhancing Penetration Testing with Attack Signatures and Interface Monitoring for the Detection of Injection Vulnerabilities in Web Services", in IEEE 8th International Conference on Services Computing (SCC 2011), 2011 [citation][year=2016]Y.-C. Cho, “Implementation and analysis of website security mining system, applied to universities’ academic networks,” Tehnicki vjesnik - Technical Gazette, vol. 22, no. 2, pp. 279–287, 2015. [citation][year=2016]S. Utsai and R. B. Joshi, “DOS Attack Reduction by using Web Service Filter,” International Journal of Computer Applications, vol. 105, no. 14, 2014. [citation][year=2016]S. H. Ghotbi, “A declarative and fine-grained policy language for the web application domain,” Ph.D. Thesis, University of Southampton, Southampton, UK, 2014. [citation][year=2016]S. Utsai and R. B. Joshi, “DoS Attack Mitigation by Web Service Filter,” in Proceedings of Third Post Graduate Conference on “Computer Engineering“, 2014, vol. 4. [citation][year=2016]M. Anisetti, C. A. Ardagna, E. Damiani, and N. El Ioini, “Trustworthy Cloud Certification: A Model-Based Approach,” in Data-Driven Process Discovery and Analysis, Springer, 2014, pp. 107–122. [citation][year=2016]P. D. Buck, Q. Shi, and B. Zhou, “Monitoring and Testing Web Services,” in The 15th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting (PGNET 2014), Liverpool, UK, 2014. [citation][year=2013]C. Schanes, A. Hubler, F. Fankhauser, and T. Grechenig, “Generic Approach for Security Error Detection Based on Learned System Behavior Models for Automated Security Tests,” presented at the Fourth International Workshop on Security Testing, Luxembourg, 2013. [citation][year=2013]L. Stage, “Entwurf einer Methodik zum Testen der Sicherheit von Web-Service-basierten Systemen,” University of Stuttgart, 2013. [citation][year=2013]Y.-C. Cho and J.-Y. Pan, “Vulnerability Assessment of IPv6 Websites to SQL Injection and other Application Level Attacks,” The Scientific World Journal, vol. 2013, 2013. [citation][year=2013]D. A. Franco, J. L. Perea, and L. C. Tovar, “Herramienta para la Detección de Vulnerabilidades basada en la Identificación de Servicios,” Información tecnológica, vol. 24, no. 5, pp. 13–22, 2013. [citation][year=2012]A. Andrekanic and R. Gamble, “Architecting Web Service Attack Detection Handlers,” in 2012 IEEE 19th International Conference on Web Services (ICWS 2012), Honolulu, Hawaii, USA, 2012, pp. 130 –137. 2010(1 publication) [publication]Nuno Antunes and Marco Vieira , "Benchmarking Vulnerability Detection Tools for Web Services", in IEEE International Conference on Web Services (ICWS 2010), 2010 [citation][year=2015]M.-A. Laverdiere, B. J. Berger, and E. Merloz, “Taint analysis of manual service compositions using Cross-Application Call Graphs,” in 2015 IEEE 22nd International Conference on Software Analysis, Evolution and Reengineering (SANER), 2015, pp. 585–589. [citation][year=2015]S. Deng, L. Huang, Y. Yin, and W. Tang, “Trust-based Service Recommendation in Social Network,” Applied Mathematics & Information Sciences, vol. 9, no. 3, pp. 1567–1574, 2015. [citation][year=2015]M. H. A. N. and C. Miao, “Structured Query Language Injection Penetration Test Case Generation Based on Formal Description,” Journal of Donghua University(English Edition), vol. 32, no. 3, pp. 446–452, 2015. [citation][year=2014]Zhang Jing and Peng Xinguang, “Research On Penetration Test For Android-Based Smartphone,” ????????, vol. 31, no. 12, pp. 29–32, 2014. [citation][year=2014]P. D. Buck, Q. Shi, and B. Zhou, “Monitoring and Testing Web Services,” 2014. [citation][year=2014]S. Shah and B. M. Mehtre, “An overview of vulnerability assessment and penetration testing techniques,” Journal of Computer Virology and Hacking Techniques, 2014. [citation][year=2014]Y.-H. Tung, S.-S. Tseng, J.-F. Shih, and H.-L. Shan, “W-VST: A Testbed for Evaluating Web Vulnerability Scanner,” in Quality Software (QSIC), 2014 14th International Conference on, 2014, pp. 228–233. [citation][year=2014]H. Holm, “A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures,” KTH Royal Institute of Technology, Stockholm, 2014. [citation][year=2014]S. R. Kesharwani and A. Deshpande, “A Survey On XML-Injection Attack Detection Systems,” International Journal of Science and Research (IJSR), vol. 3, no. 5, 2014. [citation][year=2014]S. Shah and B. M. Mehtre, “A Modern Approach to Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing,” International Journal of Electronics Communication and Computer Engineering, vol. 4, no. 6, pp. 47–52. [citation][year=2013]A. Nakamura, “Towards Unified Vulnerability Assessment with Open Data,” in IEEE 37th Annual Computer Software and Applications Conference Workshops (COMPSACW), 2013, 2013, pp. 248–253. [citation][year=2013]M. E. Ruse, “Model checking techniques for vulnerability analysis of Web applications,” Ph.D. Thesis, Iowa State University, Ames, Iowa, 2013. [citation][year=2013]H. Holm, M. Ekstedt, and T. Sommestad, “Effort estimates on web application vulnerability discovery,” in Hawaii International Conference on System Sciences 46 (HICSS), Grand Wailea, Maui, Hawaii, 2013. [citation][year=2013]Z. Wenfeng, X. Shengwei, P. Yaping, and F. Yong, “Design of a Penetration Testing Model for Mobile Internet Web Application,” Journal of Beijing Electronic Science & Technology Institute, vol. 20, no. 4, 2013. [citation][year=2013]T. Mattos, A. Santin, and A. Malucelli, “Mitigating XML Injection Zero-Day Attack through Strategy-based Detection System,” IEEE Security & Privacy, vol. 11, no. 4, pp. 46–53, 2013. [citation][year=2013]Y.-H. Tung, S.-S. Tseng, J.-F. Shih, and H.-L. Shan, “A cost-effective approach to evaluating security vulnerability scanner,” in 15th Asia-Pacific Network Operations and Management Symposium (APNOMS), 2013, 2013, pp. 1–3. [citation][year=2012]H. Holm, T. Sommestad, U. Franke, and M. Ekstedt, “Success Rate of Remote Code Execution Attacks-Expert Assessments and Observations,” Journal of Universal Computer Science, vol. 18, no. 6, pp. 732–749, 2012. [citation][year=2012]J. L. Perea Ramos, D. A. Franco Borré, and J. C. Rodríguez Ribón, “Estado del arte de vulnerabilidades de las IT,” INGENIATOR, vol. 2, no. 3, Apr. 2012. [citation][year=2012]M. I. P. Salas, “Metodologia de Testes de Segurança para Análise de Robustez de Web Services pela Injeção de Ataques,” MSc Thesis, IC-UNICAMP, Campinas, Brasil, 2012. [citation][year=2011]Jeff Stuckman, James Purtilo, "A Testbed for the Evaluation of Web Intrusion Prevention Systems", 2011 Third International Workshop on Security Measurements and Metrics, Metrisec, September 2011. [citation][year=2011]Liang-Jie (LJ) Zhang, "Guest Editor's Introduction", Services Computing, Computing Now, January 2011. [citation][year=2011]J.L. Perea, D.A. Franco, “Estado del Arte de la Seguridad de las Aplicaciones Web”, Décima Conferencia Iberoamericana en Sistemas, Cibernética e Informática, CISCI 2011, Orlando, Florida, 2011. 2009(4 publications) [publication]Nuno Antunes and Laranjeiro, N. and Marco Vieira and Madeira, H. , "Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services", in IEEE International Conference on Services Computing (SCC 2009), 2009 [citation][year=2015]D. Appelt, C. D. Nguyen, and L. Briand, “Behind an Application Firewall, Are We Safe from SQL Injection Attacks?,” in 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST), 2015, pp. 1–10. [citation][year=2015]M. H. A. N. and C. Miao, “Structured Query Language Injection Penetration Test Case Generation Based on Formal Description,” Journal of Donghua University(English Edition), vol. 32, no. 3, pp. 446–452, 2015. [citation][year=2015]P. Mehta, J. Sharda, and M. L. Das, “SQLshield: Preventing SQL Injection Attacks by Modifying User Input Data,” in Information Systems Security, S. Jajodia and C. Mazumdar, Eds. Springer International Publishing, 2015, pp. 192–206 [citation][year=2015]P. Shirani, M. A. Azgomi, and S. Alrabaee, “A method for intrusion detection in web services based on time series,” in 2015 IEEE 28th Canadian Conference on Electrical and Computer Engineering (CCECE), 2015, pp. 836–841. [citation][year=2015]T. Aghariya, “Security Testing on Web Application,” MSc Thesis, Charles Darwin University, Darwin, 2015 [Online]. Available: http://espace.cdu.edu.au/eserv/cdu:46186/Thesis_CDU_46186_Aghariya_T.pdf. [Accessed: 22-Aug-2015] [citation][year=2015]A. Mahadkar and N. Singh, “A review on approaches for web application vulnerabilities detection,” International journal of Advance Engineering and Research Development (IJAERD), vol. 2, no. 1, pp. 293–295, 2015. [citation][year=2014]T. K. Saha and A. S. Ali, “Web Application Security Attacks and Countermeasures,” Case Studies in Secure Computing: Achievements and Trends, p. 343, 2014. [citation][year=2014]V. Shanmuga Neethi, “Prevention of code injection vulnerabilities in web applications through web services,” Ph.D. Thesis, Anna University, Chennai, India, 2014. [citation][year=2014]D. Appelt, C. D. Nguyen, L. C. Briand, and N. Alshahwan, “Automated testing for SQL injection vulnerabilities: An input mutation approach,” in Proceedings of the 2014 International Symposium on Software Testing and Analysis, 2014, pp. 259–269 [Online]. Available: http://dl.acm.org/citation.cfm?id=2610403. [Accessed: 20-Jan-2016] [citation][year=2014]P. D. Buck, Q. Shi, and B. Zhou, “Monitoring and Testing Web Services,” in The 15th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting (PGNET 2014), Liverpool, UK, 2014 [Online]. Available: http://www.cms.livjm.ac.uk/PGNet2014/papers/1569959305.pdf. [Accessed: 09-Sep-2014] [citation][year=2014]M. Mirjalili, A. Nowroozi, and M. Alidoosti, “A survey on web penetration test,” Advances in Computer Science: an International Journal (ACSIJ), vol. 3, no. 6, 2014. [citation][year=2014]Zhuo Ying gun and Pan Renyi, “Design and implementation of website information disclosure assessment system,” Ph.D. Thesis, National Chung Cheng University, 2014. [citation][year=2014]D. Appelt, N. Alshahwan, D. C. Nguyen, and L. Briand, “Black-box SQL Injection Testing,” University of Luxembourg, TR-SnT-2014-1, 2014 [Online]. Available: http://orbilu.uni.lu/handle/10993/15121. [Accessed: 18-Sep-2014] [citation][year=2014]B. Mohamed Ibrahim and A. R. Mohamed Shanavas, “Severe SOA Security Threats on SOAP Web Services–A Critical Analysis,” IOSR Journal of Computer Engineering (IOSR-JCE), vol. 16, no. 2, pp. 135–141, 2014. [citation][year=2014]R. J. Manoj, A. Chandrasekhar, and M. A. Praveena, “An Approach to Detect and Prevent Tautology Type SQL Injection in Web Service Based on XSchema validation,” International Journal Of Engineering And Computer Science, vol. 3, no. 1, pp. 3695–3699, Jan. 2014. [citation][year=2014]E. Shafie, “Runtime Detection and Prevention for Structure Query Language Injection Attacks,” Ph.D. Thesis, De Montfort University, England, 2013 [Online]. Available: https://www.dora.dmu.ac.uk/xmlui/handle/2086/10076. [Accessed: 18-Sep-2014] [citation][year=2013]P. Zech, M. Felderer, M. Farwick, and R. Breu, “A Concept for Language-Oriented Security Testing,” in 2013 IEEE 7th International Conference on Software Security and Reliability-Companion (SERE-C), 2013, pp. 53–62. [citation][year=2013]J. Lakhani, “Blind XPath Injection Attack: A Case Study,” International Journal of System & Software Engineering, vol. 1, no. 1, pp. 30–34, Jun. 2013. [citation][year=2013]Luo Qi-Han, Zhang Yu-Qing, and Liu Qi-Xu, “Design and implementation of a SQL injection vulnerability detection tool on RESTful API,” Journal of Graduate University of Chinese Academy of Sciences, vol. 30, no. 3, pp. 417–424, 2013. [citation][year=2013]L. Stage, “Entwurf einer Methodik zum Testen der Sicherheit von Web-Service-basierten Systemen,” University of Stuttgart, 2013 [Online]. Available: ftp://ftp.informatik.uni-stuttgart.de/pub/library/medoc.ustuttgart_fi/DIP-3501/DIP-3501.pdf. [Accessed: 13-Jan-2014] [citation][year=2013]A. Asmawi, L. S. Affendey, N. I. Udzir, and R. Mahmod, “XIPS: A Model-based Prevention Mechanism for Preventing Blind XPath Injection in Database-Centric Web Services Environment,” International Journal of Advancements in Computing Technology (IJACT), vol. 5, no. 10, 2013 [Online]. Available: http://www.aicit.org/IJACT/ppl/IJACT3093PPL.pdf. [Accessed: 11-Jun-2014] [citation][year=2013]L. Lei, X. Jing, L. Minglei, and Y. Jufeng, “A Dynamic SQL Injection Vulnerability Test Case Generation Model Based on the Multiple Phases Detection Approach,” in Computer Software and Applications Conference (COMPSAC), 2013 IEEE 37th Annual, 2013, pp. 256–261. [citation][year=2013]A. N. Gupta and P. S. Thilagam, “Attacks on Web Services Need To Secure XML on Web,” Computer Science & Engineering: An International Journal, vol. 3, no. 5, 2013 [Online]. Available: http://search.ebscohost.com/login.aspx?direct=true&profile=ehost&scope=site&authtype=crawler&jrnl=22313583&AN=92015920&h=iMqkcNK0LUFoRJIbd7JQYgPgr6yHFEz0Mjfg+LRf9wGQNss6EgEwDEGzmaZBHpOu2VaugC6VNulYB2RFkmRDzw==&crl=c. [Accessed: 16-Dec-2013] [citation][year=2013]N. Arora and S. Tanwani, “Emerging Web Services Trends and Challenges,” International Journal of Systems, Algorithms & Applications (IJSAA), vol. 3, no. ICRAET13, pp. 6–11, Mar. 2013. [citation][year=2013]A. Ghourabi, T. Abbes, and A. Bouhoula, “Characterization of attacks collected from the deployment of Web service honeypot,” Security and Communication Networks, 2013 [Online]. Available: http://onlinelibrary.wiley.com/doi/10.1002/sec.737/abstract. [Accessed: 04-Mar-2013] [citation][year=2013]Z. Z. Zhang, Q. Y. Wen, and Z. Zhang, “An Improved Approach for SQL Injection Vulnerabilities Detection,” Applied Mechanics and Materials, vol. 263, pp. 3017–3020, 2013. [citation][year=2013]W. Phocharoen and T. Senivongse, “A Security Attack Risk Assessment for Web Services Based on Data Schemas and Semantics,” in Proceedings of the 2012 International Conference on Information Technology and Software Engineering, W. Lu, G. Cai, W. Liu, and W. Xing, Eds. Springer Berlin Heidelberg, 2013, pp. 135–143 [citation][year=2012]I. Lundgren, “Securing public APIs using OAuth and OAuthLib,” BSc Thesis, Department of Computer Science, Electrical and Space Engineering, Luleå University of Technology, 2012. [citation][year=2012]A. Asmawi, L. S. Affendey, N. I. Udzir, and R. Mahmod, “Model-based system architecture for preventing XPath injection in database-centric web services environment,” in 7th International Conference on Computing and Convergence Technology (ICCCT 2012), Seoul, South Korea, 2012, pp. 621–625. [citation][year=2012]Xu Jing, Tian Wei, Liu Lei, Zhang Ying, and Yang Jufeng, “Model-driven web Application SQL Injection penetration testing,” High Technology Letters, vol. 22, no. 11, pp. 1161–1168, 2012. [citation][year=2012]K. Liu, H. B. K. Tan, and L. K. Shar, “Semi-Automated Verification of Defense against SQL Injection in Web Applications,” in 2012 19th Asia-Pacific Software Engineering Conference (APSEC), 2012, vol. 1, pp. 91 –96. [citation][year=2012]T. Wei, Y. Ju-Feng, X. Jing, and S. Guan-Nan, “Attack Model Based Penetration Test for SQL Injection Vulnerability,” in 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops (COMPSACW), Izmir, Turkey, 2012, pp. 589 –594. [citation][year=2012]V. Shanmughaneethi, R. Y. Praveen, and S. Swamynathan, “CIVD: detection of command injection vulnerabilities in web services through aspect–oriented programming,” International Journal of Computer Applications in Technology, vol. 44, no. 4, pp. 312–320, Jan. 2012. [citation][year=2011]F. van der Loo, “Comparison of penetration testing tools for web applications,” MSc Thesis, University of Radboud, Netherlands, 2011. [citation][year=2011]V. Shanmughaneethi, R. Ravichandran, and S. Swamynathan, “PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications,” International Journal on Web Service Computing, vol. 2, no. 3, pp. 192–201, Sep. 2011. [citation][year=2011]A. R. Pais, D. J. Deepak, and B. R. Chandavarkar, “Protection against Denial of Service and Input Manipulation Vulnerabilities in Service Oriented Architecture,” in Advances in Network Security and Applications, vol. 196, D. C. Wyld, M. Wozniak, N. Chaki, N. Meghanathan, and D. Nagamalai, Eds. Springer Berlin Heidelberg, 2011, pp. 331–343. [citation][year=2011]V. Shanmughaneethi, R. Y. Pravin, and S. Swamynathan, “XIVD: Runtime Detection of XPath Injection Vulnerabilities in XML Databases through Aspect Oriented Programming,” Advances in Computing and Information Technology, pp. 192–201, 2011. [citation][year=2010]A. S. Khader, “Preventing MS SQL Injection in Web Application,” MSc Thesis, University Utara Malaysia, 2010. [citation][year=2010]P. R. Yadav, “Protection Against Denial of Service Attack in Service Oriented Architecture,” MSc Thesis – Master of Technology in Computer Science & Engineering – Information Security, Department of Computer Enginering, National Institute of Technology Karnataka (NITK), Surathkal, Mangalore, 2010. [citation][year=2010]D. J. Deepak, “Protection Against Input Manipulation vulnerabilities in Service Oriented Architecture,” MSc Thesis – Master of Technology in Computer Science & Engineering – Information Security, Department of Computer Engineering - National Institute of Technology Karnataka, Mangalore, India, 2010. [citation][year=2010]A. Anchlia and S. Jain, “A Novel Injection Aware Approach for the Testing of Database Applications,” in 2010 International Conference on Recent Trends in Information, Telecommunication and Computing, 2010, pp. 311–313. [citation][year=2010]S. Madan and S. Madan, “Security Standards Perspective to Fortify Web Database Applications from Code Injection Attacks,” in 2010 International Conference on Intelligent Systems, Modelling and Simulation, 2010, pp. 226–230. [publication]Marco Vieira and Nuno Antunes and Madeira, H. , "Using Web Security Scanners to Detect Vulnerabilities in Web Services", in 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2009), 2009 [citation][year=2014]M. K. N. Durai and K. Priyadharsini, “A Survey on Security Properties and Web Application Scanner,” International Journal of Computer Science and Mobile Computing, vol. 3, no. 10, pp. 517–527, 2014. [citation][year=2014]M. Mirjalili, A. Nowroozi, and M. Alidoosti, “A survey on web penetration test,” Advances in Computer Science: an International Journa, vol. 3, no. 6, 2014. [citation][year=2014]??? and ???, “Design and implementation of website information disclosure assessment system,” 2014. [citation][year=2014]T. P. Chiem, “A study of penetration testing tools and approaches,” MSc Thesis, Auckland University of Technology, Auckland, New Zealand, 2014. [citation][year=2014]P. D. Buck, Q. Shi, and B. Zhou, “Monitoring and Testing Web Services,” 2014. [citation][year=2014]R. M. Jnena, “Modern Approach for WEB Applications Vulnerability Analysis,” MSc Thesis, The Islamic University of Gaza, 2013. [citation][year=2014]D. Appelt, N. Alshahwan, D. C. Nguyen, and L. Briand, “Black-box SQL Injection Testing,” University of Luxembourg, TR-SnT-2014-1, 2014. [citation][year=2014]D. Appelt, N. Alshahwan, and L. Briand, “Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing,” in Future Internet Testing, T. E. J. Vos, K. Lakhotia, and S. Bauersfeld, Eds. Springer International Publishing, 2014, pp. 32–47. [citation][year=2014]M. Kranch and J. Bonneau, “Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning.” [citation][year=2014]A. L. Doupé, “Advanced Automated Web Application Vulnerability Analysis,” Ph.D. Thesis, UNIVERSITY OF CALIFORNIA Santa Barbara, Santa Barbara, 2014. [citation][year=2014]M. I. P. Salas and E. Martins, “Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security,” in Electronic Notes in Theoretical Computer Science, 2014, vol. 302, pp. 133–154. [citation][year=2014]S. Gil, A. Kott, and A.-L. Barabási, “A genetic epidemiology approach to cyber-security,” Sci. Rep., vol. 4, Jul. 2014. [citation][year=2014]S. Karumanchi and A. C. Squicciarini, “In the Wild: a Large Scale Study of Web Services Vulnerabilities,” presented at the 29th Symposium On Applied Computing, Gyeongju, Republic of Korea, 2014. [citation][year=2014]R. J. Manoj, A. Chandrasekhar, and M. A. Praveena, “An Approach to Detect and Prevent Tautology Type SQL Injection in Web Service Based on XSchema validation,” International Journal Of Engineering And Computer Science, vol. 3, no. 1, pp. 3695–3699, Jan. 2014. [citation][year=2014]I. Medeiros, N. F. Neves, and M. Correia, “Automatic Detection and Correction of Web Application Vulnerabilities using Data Mining to Predict False Positives,” in Proceedings of the International World Wide Web Conference (WWW), Seoul, Korea, 2014. [citation][year=2013]???, ???, and ???, “?? RESTful API ? SQL ??????????????,” ???????????, vol. 30, no. 3, pp. 417–424, 2013. [citation][year=2013]P. Zech, M. Felderer, M. Farwick, and R. Breu, “A Concept for Language-Oriented Security Testing,” in 2013 IEEE 7th International Conference on Software Security and Reliability-Companion (SERE-C), 2013, pp. 53–62. [citation][year=2013]A. Asmawi, L. S. Affendey, N. I. Udzir, and R. Mahmod, “XIPS: A Model-based Prevention Mechanism for Preventing Blind XPath Injection in Database-Centric Web Services Environment,” International Journal of Advancements in Computing Technology (IJACT), vol. 5, no. 10, 2013. [citation][year=2013]L. Stage, “Entwurf einer Methodik zum Testen der Sicherheit von Web-Service-basierten Systemen,” University of Stuttgart, 2013. [citation][year=2013]C. Ma, Y. Duan, X. Ju, and F. Xu, “WS-S Evaluation Based on User Preferences and Ranking Mechanism,” in 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2013, pp. 298–301. [citation][year=2013]Y.-C. Cho and J.-Y. Pan, “Vulnerability Assessment of IPv6 Websites to SQL Injection and other Application Level Attacks,” The Scientific World Journal, vol. 2013, 2013. [citation][year=2013]R. I. Hassan and N. H. B. M. Alwi, “Penetration Testing for Libyan Government Website,” presented at the Fourth International Conference on Computing and Informatics 2013 (ICOCI 2013), Kuching, Sarawak, Malaysia, 2013. [citation][year=2013]J. E. Stein, “Metodologia de Configuração de Vulnerabilidades para o Modsecurity,” Colégio Técnico Industrial de Santa Maria - Universidade Federal de Santa Maria, Santa Maria, RS, Brasil, Curso Superior de Tecnologia em Redes de Computadores, 2013. [citation][year=2013]N. F. Awang and A. A. Manaf, “Self Assessment Framework For Detecting Vulnerability In Web Applications,” in The Third International Conference on Digital Information and Communication Technology and its Applications (DICTAP2013), 2013, pp. 283–287. [citation][year=2013]I. Medeiros, N. F. Neves, and M. Correia, “Securing Energy Metering Software with Automatic Source Code Correction,” in 11th IEEE International Conference on Industrial Informatics (INDIN 2013). [citation][year=2013]Z. Zheng and M. R. Lyu, “Background Review,” in QoS Management of Web Services, Springer Berlin Heidelberg, 2013, pp. 9–17. [citation][year=2013]S. Wang, Y. Gong, G. Chen, Q. Sun, and F. Yang, “Service Vulnerability Scanning based on Service-oriented Architecture in Web Service Environments,” Journal of Systems Architecture. [citation][year=2013]P. Payet, A. Doupé, C. Kruegel, and G. Vigna, “EARs in the Wild: Large-Scale Analysis of Execution After Redirect Vulnerabilities,” 28th Symposium On Applied Computing, Mar. 2013. [citation][year=2012]A. Asmawi, L. S. Affendey, N. I. Udzir, and R. Mahmod, “Model-based system architecture for preventing XPath injection in database-centric web services environment,” in 7th International Conference on Computing and Convergence Technology (ICCCT 2012), Seoul, South Korea, 2012, pp. 621–625. [citation][year=2012]S. S. Venkatraman, “Systematically Enhancing Black-Box Web Vulnerability Scanners,” Master of Science, National University of Singapore Singapore, Singapore, 2012. [citation][year=2012]M. P. Salas and E. Martins, “Emulation of Malformed XML Using WSInject for Security Testing Against WS-Security,” presented at the IEEE Latin-American Conference on Communications (LATINCOM), Cuenca, Ecuador, 2012. [citation][year=2012]D. N. Swetha and B. S. Kumar, “Protocol Based Approach on Vulnerability Detection Tools of SQLIA along with Monitoring Tools,” International Journal of Computer Science Engineering and Technology (IJCSET), vol. 2, no. 11, pp. 1476–1482, Nov. 2012. [citation][year=2012]Z. Zheng, Y. Zhang, and M. Lyu, “Investigating QoS of Real-World Web Services,” IEEE Transactions on Services Computing, vol. PP, no. 99, p. 1, 2012. [citation][year=2012]D. Hauzar and J. Kofron, “On Security Analysis of PHP Web Applications,” in Computer Software and Applications Conference Workshops (COMPSACW), 2012 IEEE 36th Annual, 2012, pp. 577 –582. [citation][year=2012]S. Katkar Anjali and B. Kulkarni Raj, “Web Vulnerability Detection and Security Mechanism,” International Journal of Soft Computing and Engineering (IJSCE), vol. 2, no. 4, pp. 237–241, Sep. 2012. [citation][year=2012]M. P. Salas and E. Martins, “Emulação de Ataques do Tipo XPath Injection para Testes de Web Services usando Injeção de Falhas,” in XIII Workshop de Testes e Tolerância a Falhas, Ouro Preto - MG, Brasil, 2012. [citation][year=2012]D. Rocha, D. Kreutz, and R. Turchetti, “A free and extensible tool to detect vulnerabilities in Web systems,” in 2012 7th Iberian Conference on Information Systems and Technologies (CISTI), 2012, pp. 1 –6. [citation][year=2012]A. Malhotra, N. Navdeep, and G. S. Sekhon, “Browser Prevention Against Phishing Website Security Risk,” International journal of Computer Science & Communication, vol. III, no. 1, pp. 215–219, Jun. 2012. [citation][year=2012]WANG Li-Jie, LI Meng, CAI Si-Bo, LI Ge, XIE Bing, and YANG Fu-Qing, “Internet Information Search Based Approach to Enriching Textual Descriptions for Public Web Services,” Journal of Software, vol. 23, no. 6, 2012. [citation][year=2012]A. Doupé, L. Cavedon, C. Kruegel, and G. Vigna, “Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner,” in 21st USENIX Security Symposium (USENIX Security ’12), Bellevue, WA, 2012. [citation][year=2012]P. Zech, M. Felderer, and R. Breu, “Towards Risk–Driven Security Testing of Service Centric Systems,” presented at the QSIC, 2012. [citation][year=2012]M. H. Al-Ibrahim, “Are Our Educational Technology Systems Secure?,” International Journal of Innovation, Management and Technology (IJIMT), vol. 3, no. 3, pp. 241–245, 2012. [citation][year=2012]M. Murali and R. Srinivasan, “Inter-domain Authentication Scheme in a Distributed Mobile Network,” Research Journal of Information Technology, 2012. [citation][year=2012]V. Prasath, “Building Trust for Web Services Security Patterns,” International Journal of Applied Information Systems (IJAIS), vol. 3, no. 2, pp. 14–20, Jul. 2012. [citation][year=2011]D. Hauzar and J. Kofron, “Hunting Bugs Inside Web Applications,” Technical Report, Oct. 2011. [citation][year=2011]SU Bin and YANG Yin, “The Limitations of Network Applications Vulnerability Scanner,” Network and Computer Security, no. 5, pp. 77–79, 2011. [citation][year=2011]F. van der Loo, “Comparison of penetration testing tools for web applications,” MSc Thesis, University of Radboud, Netherlands, 2011. [citation][year=2011]V. Shanmughaneethi, R. Ravichandran, and S. Swamynathan, “PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications,” International Journal on Web Service Computing, vol. 2, no. 3, pp. 192–201, Sep. 2011. [citation][year=2011]A. M. Ferreira and H. Kleppe, “Effectiveness of Automated Application Penetration Testing Tools,” 2011. [citation][year=2011]J. Chen and S. Kulkarni, “Effectiveness of Transition Systems to Model Faults,” in Proceedings of the 2nd International Workshop on Logical Aspects of Fault-Tolerance (LAFT) In conjunction with LICS’11., Toronto, Canada, 2011. [citation][year=2011]V. Shanmughaneethi, R. Y. Pravin, and S. Swamynathan, “XIVD: Runtime Detection of XPath Injection Vulnerabilities in XML Databases through Aspect Oriented Programming,” Advances in Computing and Information Technology, pp. 192–201, 2011. [citation][year=2011]Z. Zheng, “QoS Management of Web Services,” Ph.D. Thesis, The Chinese University of Hong Kong, Hong Kong, 2011. [citation][year=2011]Wang Xin, Wei Gengyu, Zhang Dongmei, Yang Yixian, "Web Application Vulnerability Detection Based on Reinforcement Learning", 3rd International Conference on Computer and Network Technology, ICCNT 2011, Taiyuan, China, February 26-28, 2011. [citation][year=2010]AOKI T. and YASUDA H., “Web Fingerprint: A New Scheme to Arbitrate Mismatch of Web Pages,” The Journal of the Institute of Image Electronics Engineers of Japan, vol. 39, no. 5, pp. 644–653, Sep. 2010. [citation][year=2010]X. Wang, L. Wang, G. Wei, D. Zhang, and Y. Yang, “Hidden web crawling for SQL injection detection,” in 3rd IEEE International Conference on Broadband Network and Multimedia Technology (IC-BNMT), Beijing, China, 2010, pp. 14–18. [citation][year=2010]M. P. Correia and P. J. Sousa, Segurança no Software. Lisboa, Portugal: FCA, 2010. [citation][year=2010]C. Lai-Cheng, “Enhancing Distributed Web Security Based on Kerberos Authentication Service,” in Web Information Systems and Mining, vol. 6318, F. Wang, Z. Gong, X. Luo, and J. Lei, Eds. Springer Berlin / Heidelberg, 2010, pp. 171–178. [citation][year=2010]D. A. Shelly, “Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners,” MSc Thesis - Master of Science in Computer Engineering, Virginia Polytechnic Institute and State University, Blacksburg, Virginia, 2010. [citation][year=2010]T. Basso, R. L. O. Moraes, and M. Jino, “A Methodology for Effectiveness Analysis of Vulnerability Scanning Tools,” presented at the Terceiro Encontro dos Alunos e Docentes do Departamento de Engenharia de Computação e Automação Industrial, University of Campinas (UNICAMP), Brazil, 2010. [citation][year=2010]T. Basso, P. C. S. Fernandes, M. Jino, and R. L. O. Moraes, “Analysis of the Effect of Java Software Faults on Security Vulnerabilities and Their Detection by Commercial Web Vulnerability Scanner Tool,” in 4th Workshop on Recent Advances on Intrusion-Tolerant Systems, WRAITS 2010, in conjunction with The 40th IEEE/IFIP International Conference on Dependable Systems and Networks, Chicago, IL, USA, 2010. [citation][year=2010]A. Doupé, M. Cova, and G. Vigna, “Why Johnny Can’t Pentest: An Analysis of Black-Box Web Vulnerability Scanners,” Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 111–131, 2010. [citation][year=2010]Z. Zheng, Y. Zhang, and M. R. Lyu, “Distributed QoS Evaluation for Real-World Web Services,” in 2010 IEEE International Conference on Web Services, 2010, pp. 83–90. [citation][year=2010]L. Wang, F. Liu, L. Zhang, G. Li, and B. Xie, “Enriching Descriptions for Public Web Services Using Information Captured from Related Web Pages on the Internet,” in 2010 Fifth IEEE International Symposium on Service Oriented System Engineering, 2010, pp. 141–150. [publication]Nuno Antunes and Marco Vieira , "Detecting SQL Injection Vulnerabilities in Web Services", in Fourth Latin-American Symposium on Dependable Computing (LADC 2009), 2009 [citation][year=2015]A. Masood and J. Java, “Static analysis for web service security-Tools & techniques for a secure development life cycle,” in 2015 IEEE International Symposium on Technologies for Homeland Security (HST), 2015, pp. 1–6. [citation][year=2015]N. A. Allen, “Detecting penetration attempts using log-sensitive fuzzing,” United States Patent 9104877, 11-Aug-2015. [citation][year=2015]A. Davies, “Securing Legacy Web Services,” BSc Thesis, Bournemouth University, Dorset, UK, 2015. [citation][year=2015]T. Aghariya, “Security Testing on Web Application,” MSc Thesis, Charles Darwin University, Darwin, 2015. [citation][year=2015]M. H. A. N. and C. Miao, “Structured Query Language Injection Penetration Test Case Generation Based on Formal Description,” Journal of Donghua University(English Edition), vol. 32, no. 3, pp. 446–452, 2015. [citation][year=2014]D. Appelt, C. D. Nguyen, L. C. Briand, and N. Alshahwan, “Automated testing for SQL injection vulnerabilities: An input mutation approach,” in Proceedings of the 2014 International Symposium on Software Testing and Analysis, 2014, pp. 259–269. [citation][year=2014]V. Sunkari and C. V. Guru Rao, “Preventing input type validation vulnerabilities using network based intrusion detection systems,” in 2014 International Conference on Contemporary Computing and Informatics (IC3I), 2014, pp. 702–706. [citation][year=2014]M. K. N. Durai and K. Priyadharsini, “A Survey on Security Properties and Web Application Scanner,” International Journal of Computer Science and Mobile Computing, vol. 3, no. 10, pp. 517–527, 2014. [citation][year=2014]D. Appelt, N. Alshahwan, and L. Briand, “Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing,” in Future Internet Testing, T. E. J. Vos, K. Lakhotia, and S. Bauersfeld, Eds. Springer International Publishing, 2014, pp. 32–47. [citation][year=2014]M. Mirjalili, A. Nowroozi, and M. Alidoosti, “A survey on web penetration test,” Advances in Computer Science: an International Journal (ACSIJ), vol. 3, no. 6, 2014. [citation][year=2014]Zhuo Ying gun and Pan Renyi, “Design and implementation of website information disclosure assessment system,” Ph.D. Thesis, National Chung Cheng University, 2014. [citation][year=2014]D. Appelt, N. Alshahwan, D. C. Nguyen, and L. Briand, “Black-box SQL Injection Testing,” University of Luxembourg, TR-SnT-2014-1, 2014. [citation][year=2013]R. M. Jnena, “Modern Approach for WEB Applications Vulnerability Analysis,” MSc Thesis, The Islamic University of Gaza, 2013. [citation][year=2013]P. Zech, M. Felderer, M. Farwick, and R. Breu, “A Concept for Language-Oriented Security Testing,” in 2013 IEEE 7th International Conference on Software Security and Reliability-Companion (SERE-C), 2013, pp. 53–62. [citation][year=2013]Luo Qi-Han, Zhang Yu-Qing, and Liu Qi-Xu, “Design and implementation of a SQL injection vulnerability detection tool on RESTful API,” Journal of Graduate University of Chinese Academy of Sciences, vol. 30, no. 3, pp. 417–424, 2013. [citation][year=2013]Y.-C. Cho and J.-Y. Pan, “Vulnerability Assessment of IPv6 Websites to SQL Injection and other Application Level Attacks,” The Scientific World Journal, vol. 2013, 2013. [citation][year=2013]L. Lei, X. Jing, L. Minglei, and Y. Jufeng, “A Dynamic SQL Injection Vulnerability Test Case Generation Model Based on the Multiple Phases Detection Approach,” in Computer Software and Applications Conference (COMPSAC), 2013 IEEE 37th Annual, 2013, pp. 256–261. [citation][year=2013]O. Vikholm and M. Flodström, “SQL-Injections: A wake-up call for developer: A study about a major threat and issue for companies and organizations worldwide,” Bachelor Thesis, Uppsala University, Uppsala, 2013. [citation][year=2012]G. Vaughan, “Understanding SQL Injection Attacks Inside and Out,” 2012. [citation][year=2012]Y. C. Zhu and H. L. Liang, “The SQL Injection Vulnerability Detection of the Web Application,” Applied Mechanics and Materials, vol. 198, pp. 1457–1461, 2012. [citation][year=2012]M. P. Salas and E. Martins, “Emulation of Malformed XML Using WSInject for Security Testing Against WS-Security,” presented at the IEEE Latin-American Conference on Communications (LATINCOM), Cuenca, Ecuador, 2012. [citation][year=2012]M. P. Salas and E. Martins, “Emulação de Ataques do Tipo XPath Injection para Testes de Web Services usando Injeção de Falhas,” in XIII Workshop de Testes e Tolerância a Falhas, Ouro Preto - MG, Brasil, 2012. [citation][year=2012]D. Rocha, D. Kreutz, and R. Turchetti, “A free and extensible tool to detect vulnerabilities in Web systems,” in 2012 7th Iberian Conference on Information Systems and Technologies (CISTI), 2012, pp. 1 –6. [citation][year=2012]T. Huynh and J. Miller, “AIWAS: The Automatic Identification of Web Attacks System,” International Journal of Systems and Service-Oriented Engineering (IJSSOE), vol. 3, no. 1, pp. 73–91, 2012. [citation][year=2012]H.-T. Tseng, “Design and Implementation of Automatic Web-Pages Penetration Testing System,” MSc Thesis, National Taiwan University of Science and Technology, Taiwan, 2012. [citation][year=2012]M. I. P. Salas, “Metodologia de Testes de Segurança para Análise de Robustez de Web Services pela Injeção de Ataques,” MSc Thesis, IC-UNICAMP, Campinas, Brasil, 2012. [citation][year=2012]D. Rocha, D. Kreutz, and R. Turchetti, “Uma Ferramenta Livre e ExtensíVel Para Detecção de Vulnerabilidades em Sistemas Web,” Computer Science and Engineering, 2012. [citation][year=2011]1. A.R. Pais, D.J. Deepak, and B.R. Chandavarkar, “Protection against Denial of Service and Input Manipulation Vulnerabilities in Service Oriented Architecture”, Advances in Network Security and Applications, Vol. 196, ISBN: 978-3-642-22539-0, 2011. [citation][year=2011]2. F. van der Loo, “Comparison of penetration testing tools for web applications,” MSc Thesis, University of Radboud, Netherlands, 2011. [citation][year=2011]Geoffrey Vaughan, "Understanding SQL Injection Attacks Inside and Out", Faculty of Business and IT, University of Ontario Institute of Technology, Canada, 2011. [citation][year=2010]1. Hsin-Chung Chen, "Multi-Layer Real-time Protection Applications Against SQLIV Attacks", MSc Thesis, Department of Computer Science and Information Engineering, National Taiwan University of Science and technology, July 2010. [citation][year=2010]2. Peng Geng, Fan Ming-yu, "SQL Injection Detection based on Improved Web Crawler", Application research of Computes, Vol. 27 no 7, July 2010. [citation][year=2010]3. HU Ju-ning, BI Hong-jun, LIU Yun, JIA Fan, "Key management scheme based on polynomial and chaos for wireless sensor networks", Application research of Computes, Vol. 27 no 7, July 2010. [citation][year=2010]4. D.A. Shelly, “Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners”, MSc Thesis, Virginia Polytechnic Institute and State University, July 2010. [citation][year=2010]5. N. Lambert, Kang Song Lin, "Use of Query tokenization to detect and prevent SQL injection attacks", 3rd IEEE International Conference on Computer Science and Information Technology, ICCSIT 2010, Chengdu, China, September 2010. [citation][year=2010]6. Toan Nguyen Duc Huynh, “Empirically Driven Investigation of Dependability and Security Issues in Internet-Centric Systems”, PhD Thesis, University of Alberta, Canada, 2010. [publication]Nuno Antunes and Marco Vieira , "Comparing the Effectiveness of Penetration Testing and Static Code Analysis on the Detection of SQL Injection Vulnerabilities in Web Services", in IEEE 15th Pacific Rim International Symposium on Dependable Computing (PRDC'09), 2009 [citation][year=2015]S. Jan, C. D. Nguyen, and L. Briand, “Known XML Vulnerabilities Are Still a Threat to Popular Parsers and Open Source Systems,” in 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2015, pp. 233–241. [citation][year=2015]K. Goseva-Popstojanova and A. Perhinschi, “On the capability of static code analysis to detect security vulnerabilities,” Information and Software Technology, vol. 68, pp. 18–33, 2015. [citation][year=2015]S. Khani, C. Gacek, and P. Popov, “Security-aware selection of Web Services for Reliable Composition,” in 11th European Dependable Computing Conference (EDCC 2015) - Student Forum, Paris, France, 2015. [citation][year=2015]A. Davies, “Securing Legacy Web Services,” BSc Thesis, Bournemouth University, Dorset, UK, 2015. [citation][year=2015]Y.-C. Cho, “Implementation and analysis of website security mining system, applied to universities’ academic networks,” Tehnicki vjesnik - Technical Gazette, vol. 22, no. 2, pp. 279–287, 2015. [citation][year=2015]M.-A. Laverdiere, B. J. Berger, and E. Merloz, “Taint analysis of manual service compositions using Cross-Application Call Graphs,” in 2015 IEEE 22nd International Conference on Software Analysis, Evolution and Reengineering (SANER), 2015, pp. 585–589. [citation][year=2015]M. I. Palma Salas and E. Martins, “A Black-Box Approach to Detect Vulnerabilities in Web Services Using Penetration Testing,” Latin America Transactions, IEEE (Revista IEEE America Latina), vol. 13, no. 3, pp. 707–712, 2015. [citation][year=2014]V. Shanmuga Neethi, “Prevention of code injection vulnerabilities in web applications through web services,” Ph.D. Thesis, Anna University, Chennai, India, 2014. [citation][year=2014]R.M.Dilip Charaan, R. Ramesh, E. Uma, and C. Yaashuwanth, “Design Of Three Layer Security Architecture To Prevent Dos Attacks In Web Service,” International Journal of Applied Engineering Research, vol. 9, no. 24, 2014. [citation][year=2014]C. T. Phong and W. Q. Yan, “An Overview of Penetration Testing,” International Journal of Digital Crime and Forensics (IJDCF), vol. 6, no. 4, pp. 50–74, 2014. [citation][year=2014]V. Sunkari and C. V. Guru Rao, “Preventing input type validation vulnerabilities using network based intrusion detection systems,” in 2014 International Conference on Contemporary Computing and Informatics (IC3I), 2014, pp. 702–706. [citation][year=2014]S. Chimmanee, T. Veeraprasit, and C. Srisa-An, “A Performance Evaluation of Vulnerability Detection: NetClarity Audito, Nessus, and Retina.,” International Journal of Computer Science & Network Security, vol. 14, no. 3, 2014. [citation][year=2014]T. P. Chiem, “A study of penetration testing tools and approaches,” MSc Thesis, Auckland University of Technology, Auckland, New Zealand, 2014. [citation][year=2014]Zhuo Ying gun and Pan Renyi, “Design and implementation of website information disclosure assessment system,” Ph.D. Thesis, National Chung Cheng University, 2014. [citation][year=2014]M. I. P. Salas and E. Martins, “Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security,” in Electronic Notes in Theoretical Computer Science, 2014, vol. 302, pp. 133–154. [citation][year=2013]A. Austin, C. Holmgreen, and L. Williams, “A Comparison of the Efficiency and Effectiveness of Vulnerability Discovery Techniques,” Information and Software Technology, 2013. [citation][year=2013]G. Nilson, K. Wills, J. Stuckman, and J. Purtilo, “BugBox: A Vulnerability Corpus for PHP Web Applications,” presented at the 6th Workshop on Cyber Security Experimentation and Test (CSET ’13), Washington, D.C., 2013. [citation][year=2013]M. Muralidharan and M. Surya, “A Network Based Vulnerability Scanner for Detecting and Preventing SQLI Attacks in Web Applications,” International Journal of Advanced and Innovative Research (IJAIR), vol. 2, no. 3, Mar. 2013. [citation][year=2013]N. Meghanathan, “Automated Source Code Analysis to Identify and Remove Software Security Vulnerabilities: Case Studies on Java Programs,” International Journal of Software Engineering, vol. 6, no. 1, pp. 3–32, Jan. 2013. [citation][year=2013]N. Awang and A. Manaf, “Detecting Vulnerabilities in Web Applications Using Automated Black Box and Manual Penetration Testing,” in Advances in Security of Information and Communication Networks, vol. 381, A. Awad, A. Hassanien, and K. Baba, Eds. Springer Berlin Heidelberg, 2013. [citation][year=2013]R. Thenmozhi, M. Priyadharshini, and K. Abirami, “Vulnerability Management in Web Applications,” Data Mining and Knowledge Engineering, vol. 5, no. 4, pp. 162–167, 2013. [citation][year=2013]R. Scandariato, J. Walden, and W. Joosen, “Static analysis versus penetration testing: A controlled experiment,” in 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE), 2013, pp. 451–460. [citation][year=2012]S. Chimmanee, T. Veeraprasit, K. Sriphaew, and A. Hemanidhi, “A Performance Comparison of Vulnerability Detection between Netclarity Auditor and Open Source Nessus,” Recent Advances in Communications, Circuits and Technological Innovation, pp. 280–285, 2012. [citation][year=2012]S. Roy, A. K. Singh, and A. S. Sairam, “A Novel Approach to Prevent SQL Injection Attack Using URL Filter,” International Journal of Innovation, Management and Technology, vol. 3, no. 5, pp. 499–502, Oct. 2012. [citation][year=2012]V. Shanmughaneethi, R. Y. Praveen, and S. Swamynathan, “CIVD: detection of command injection vulnerabilities in web services through aspect–oriented programming,” International Journal of Computer Applications in Technology, vol. 44, no. 4, pp. 312–320, Jan. 2012. [citation][year=2012]N. Meghanathan and A. R. Geoghegan, “A Case Study on Testing for Software Security: Static Code Analysis of a File Reader Program Developed in Java,” in Advanced Automated Software Testing: Frameworks for Refined Practice, I. Alsmadi, Ed. IGI Global, 2012, pp. 89–112. [citation][year=2012]A. K. Singh and S. Roy, “A Network Based Vulnerability Scanner for Detecting SQLI Attacks in Web Applications,” in 1st International Conference on Recent Advances in Information Technology (RAIT), 2012, 2012, pp. 585 –590. [citation][year=2012]M. I. P. Salas, “Metodologia de Testes de Segurança para Análise de Robustez de Web Services pela Injeção de Ataques,” MSc Thesis, IC-UNICAMP, Campinas, Brasil, 2012 [citation][year=2012]G. Nilson, K. Wills, J. Stuckman, and J. Purtilo, “BugBox: A Vulnerability Corpus for PHP Web Applications,” presented at the 6th Workshop on Cyber Security Experimentation and Test (CSET ’13), Washington, D.C., 2013. [citation][year=2012]A. Austin, C. Holmgreen, and L. Williams, “A Comparison of the Efficiency and Effectiveness of Vulnerability Discovery Techniques,” Information and Software Technology, Dec. 2012. [citation][year=2011]1. E. Uma, A. Kannan, R. Ramesh, “Design of New Architecture for Providing Secure Web Services”, Proceedings of the World Congress on Engineering and Computer Science, San Francisco, USA: Newswood Limited, October 19-21, 2011. [citation][year=2011]2. Sangita Roy, Avinash Kumar Singh, Ashok Singh Sairam, "Detecting and Defeating SQL Injection Attacks", International Journal of Information and Electronics Engineering, Vol. 1 , No. 1, July 2011. [citation][year=2011]3. A.R. Pais, D.J. Deepak, and B.R. Chandavarkar, “Protection against Denial of Service and Input Manipulation Vulnerabilities in Service Oriented Architecture”, Advances in Network Security and Applications, Vol. 196, ISBN: 978-3-642-22539-0, 2011. [citation][year=2011]4. S. Roy, A. K. Singh, and A. S. Sairam, “Analyzing SQL Meta Characters and Preventing SQL Injection Attacks Using Meta Filter”, International Conference on Information and Electronics Engineering, Singapore, 2011. [citation][year=2011]5. A. Austin and L. Williams, “One Technique is Not Enough: A Comparison of Vulnerability Discovery Techniques,” presented at the ACM/IEEE 5th International Symposium on Empirical Software Engineering and Measurement (ESEM), Banff, Alberta, Canada, 2011. [citation][year=2011]6. A. Austin, “Improving the Security of Electronic Health Record Systems,” Master of Science, North Carolina State University, Raleigh, North Carolina, 2011. [citation][year=2010]1. Pramote Kuacharoen, “A Practical Customer Privacy Protection on Shared Servers”, 2010 International Conference on Information Theory and Information Security, ICITIS2010, Beijing, China, December 2010. [citation][year=2010]2. Deepak D. J., “Protection Against Input Manipulation Vulnerabilities in Service Oriented Architecture”, MSc Thesis – Master of Technology in Computer Science & Engineering – Information Security, Department of Computer Engineering - National Institute of Technology Karnataka, Mangalore, India, July 2010. Book Chapters 2017(1 publication) [publication]Laranjeiro, N. and Pereira, G. and Soydemir, S.N. and Barbosa, R. and Jorge Bernardino and Areias, C. and Nuno Antunes and Cunha, J.C. and Marco Vieira and Madeira, H. , "Robustness and Fault Injection for the Validation of Critical Systems", in Certifications of Critical Systems – The CECRIS Experience, pp. 247-274, 2017 2013(3 publications) [publication]Nuno Antunes and Marco Vieira , "Security Testing in SOAs: Techniques and Tools", in Innovative technologies for dependable OTS-based critical systems, vol. 1, pp. 159-174, 2013 [citation][year=2015]Krishnaveni, S., Prabakaran, and Sivamohan, S., “Survey on Software Security Testing Techniques in Cloud Computing,” Advances in Engineering Applications, 2015. [citation][year=2015]D. Nigam, V. Malik, and S. Nigam, “Methods and Techniques of Security Testing: A Survey,” International Journal of Advanced Engineering and Global Technology, vol. 3, no. 1, 2015. [publication]Marco Vieira and Nuno Antunes , "Introduction to Software Security Concepts", in Innovative technologies for dependable OTS-based critical systems, vol. 1, pp. 29-38, 2013 [publication]Napolitano, A. and Carrozza, G. and Nuno Antunes and Joao Duraes , "Survey on Software Faults Injection in Java Applications", in Innovative technologies for dependable OTS-based critical systems, vol. 1, pp. 101-114, 2013 [citation][year=2015]F. Abdali-Mohammadi, V. Bajalan, and A. Fathi, “Toward a Fault Tolerant Architecture for Vital Medical-Based Wearable Computing,” J Med Syst, vol. 39, no. 12, pp. 1–12, 2015 2012(1 publication) [publication]Micskei, Z. and Majzik, I. and Madeira, H. and Marco Vieira and Nuno Antunes and Avritzer, A. , "Robustness Testing Techniques and Tools", in Resilience Assessment and Evaluation of Computing Systems, 2012 [citation][year=2014]S. Mostadi and F. Mourlin, “Training Oriented Mobile Device to Learn Software Architecture,” in eLmL 2014, The Sixth International Conference on Mobile, Hybrid, and On-line Learning, 2014, pp. 75–81. 2011(2 publications) [publication]Rodrigues, D. and Estrella, J. and Nuno Antunes and Mónaco, F. and Branco, K. and Marco Vieira , "Engineering Secure Web Services", in Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions, 2011 [citation][year=2015]M. I. Palma Salas and E. Martins, “A Black-Box Approach to Detect Vulnerabilities in Web Services Using Penetration Testing,” Latin America Transactions, IEEE (Revista IEEE America Latina), vol. 13, no. 3, pp. 707–712, 2015. [citation][year=2014]T. Francke, Innovative Applications and Developments of Micro-Pattern Gaseous Detectors. IGI Global, 2014. [citation][year=2014]F. Alam, Using Technology Tools to Innovate Assessment, Reporting, and Teaching Practices in Engineering Education. IGI Global, 2014. [citation][year=2014]M. I. P. Salas and E. Martins, “Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security,” in Electronic Notes in Theoretical Computer Science, 2014, vol. 302, pp. 133–154. [citation][year=2012]I. Alsmadi, Ed., Advanced Automated Software Testing: Frameworks for Refined Practice: Frameworks for Refined Practice. IGI Global, 2012. [citation][year=2011]B. Hollunder, A. Al-Moayed, and A. Wahl, “A Tool Chain for Constructing QoS-aware Web Services,” in in Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions, V. Cardellini, E. Casalicchio, K. Castelo Branco, J. Estrella, and F. Monaco, Eds. Hershey: IGI Global, 2011, pp. 189–211. [publication]Nuno Antunes and Marco Vieira , "Detecting Vulnerabilities in Web Services: Can Developers Rely on Existing Tools?", in Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions, 2011 PhD Theses 2014(1 publication) [publication]Nuno Antunes , "Software Vulnerability Detection in Service-Based Infrastructures: Techniques and Tools", 2014 MSc Theses 2009(1 publication) [publication]Nuno Antunes , "Evaluating Web Services Security", 2009 Tech Report 2014(1 publication) [publication]Milenkoski, A. and Marco Vieira and Payne, B.D. and Nuno Antunes and Kounev, S. , "Technical Information on Vulnerabilities of Hypercall Handlers", 2014 2013(1 publication) [publication]Milenkoski, A. and Kounev, S. and Avritzer, A. and Nuno Antunes and Marco Vieira , "On Benchmarking Intrusion Detection Systems in Virtualized Environments", 2013 [citation][year=2015]T. Huang, Y. Zhu, Y. Wu, S. Bressan, and G. Dobbie, “Anomaly detection and identification scheme for VM live migration in cloud infrastructure,” Future Generation Computer Systems, 2015. [citation][year=2015]G. V. KRISHNA, “Intrusion Detection System as a Service,” MSc Thesis, Blekinge Institute of Technology, Karlskrona, Sweden, 2015.