Penetration Testing for Web Services

Authors

Abstract

Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance.

Issue No.02 - Feb. (2014 vol.47)
pp: 30-36

Keywords

Web security scanners, Web services, code vulnerabilities, penetration testing, vulnerability detection

Subject

security testing

Journal

IEEE Computer, Vol. 47, pp. 30-36, IEEE, February 2014

DOI

Cited by

Year 2015 : 2 citations

T. Aghariya, “Security Testing on Web Application,” MSc Thesis, Charles Darwin University, Darwin, 2015.

T. Fertig and P. Braun, “Model-driven Testing of RESTful APIs,” in Proceedings of the 24th International Conference on World Wide Web Companion, Republic and Canton of Geneva, Switzerland, 2015, pp. 1497–1502.

Year 2014 : 3 citations

C. T. Phong and W. Q. Yan, “An Overview of Penetration Testing,” International Journal of Digital Crime and Forensics (IJDCF), vol. 6, no. 4, pp. 50–74, 2014.

T. P. Chiem, “A study of penetration testing tools and approaches,” MSc Thesis, Auckland University of Technology, Auckland, New Zealand, 2014.

I. Mukhopadhyay, “Web Penetration Testing using Nessus and Metasploit Tool,” IOSR Journal of Computer Engineering (IOSR-JCE), vol. 16, no. 3, pp. 126–129, 2014.