Abstract

Web services work over dynamic connections among distributed systems. This technology was specifically designed to easily pass SOAP message through firewalls using open ports. These benefits involve a number of security challenges, such as Injection Attacks, phishing, Denial-of-Services (DoS) attacks, and so on. The difficulty to detect vulnerabilities,before they are exploited, encourages developers to use security testing like penetration testing to reduce the potential attacks. Given a black-box approach, this research use the penetration testing to emulate a series of attacks, such as Cross-site Scripting (XSS), Fuzzing Scan, Invalid Types, Malformed XML, SQL Injection, XPath Injection and XML Bomb. In this way, was used the soapUI vulnerability scanner in order to emulate these attacks and insert malicious scripts in the requests of the web services tested. Furthermore, was developed a set of rules to analyze the responses in order to reduce false positives and negatives. The results suggest that 97.1% of web services have at least one vulnerability of these attacks. We also determined a ranking of these attacks against web services.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Web Server Hacking
-
-
--
01 Jan 2019
Detection of SQL injection and XSS attacks in three tier web applications
Piyush A Sonewar ... Sonali D Thosar
-
Piyush A Sonewar, et. al.Piyush A Sonewar ... Sonali D Thosar
01 Aug 2016
Security Performance Analysis of Photography Service System
Nur Khairani Kamarudin ... Farah Shazwani Ismail
Journal of Computing Research and Innovation | VOL. 4
Nur Khairani Kamarudin, et. al.Nur Khairani Kamarudin ... Farah Shazwani Ismail
14 Nov 2019
Cross-Site Scripting (XSS) and SQL Injection Attacks Multi-classification Using Bidirectional LSTM Recurrent Neural Network
Abdulgbar A R Farea ... Ebraheem Farea
-
Abdulgbar A R Farea, et. al.Abdulgbar A R Farea ... Ebraheem Farea
17 Dec 2021
View more papers

More From: IEEE Latin America Transactions

Paper Title
Journal
Date
Author
Bioenergy and Electric Power Generation from Agricultural Residues in Morocco: Lessons for Brazil
Meisam Mahdavi ... Francisco Jurado
IEEE Latin America Transactions | VOL. 22
Meisam Mahdavi, et. al.Meisam Mahdavi ... Francisco Jurado
01 Nov 2024
An Ultra High Gain Switched-Capacitor Boost DC-DC converter with Reduced Ripple Current
Baba Fakruddin Monakanti ... Harish Sarma Krishnamoorthy
IEEE Latin America Transactions | VOL. 22
Baba Fakruddin Monakanti, et. al.Baba Fakruddin Monakanti ... Harish Sarma Krishnamoorthy
01 Nov 2024
Design and implementation of a low cost isotropic electric field sensor for SAR measurements
Marco Quispe ... Saúl Inca
IEEE Latin America Transactions | VOL. 22
Marco Quispe, et. al.Marco Quispe ... Saúl Inca
01 Nov 2024
Bidirectional protection for DC systems based on di/dt behavior
Jeziel Vazquez ... Nimrod Vázquez
IEEE Latin America Transactions | VOL. 22
Jeziel Vazquez, et. al.Jeziel Vazquez ... Nimrod Vázquez
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.