2018 | OriginalPaper | Chapter

Penetration Testing as a Test Phase in Web Service Testing a Black Box Pen Testing Approach

Authors: Shivam Mehta, Gaurav Raj, Dheerendra Singh

Published in: Smart Computing and Informatics

Publisher: Springer Singapore


Abstract

The study implements a black box penetration testing approach and presents a step-by-step procedure for conducting a penetration test on web services as a user, not as a developer. We study the top vulnerabilities found in SOAP web services, how to exploit them to get confidential information which an attacker can regenerate and gain access to, and what countermeasures the developer can take to prevent such vulnerabilities. To prevent such malicious attacks, web services should be tested beforehand and their vulnerabilities fixed before they are deployed over the network. We discuss SOA architecture and black box penetration testing as a part of the development lifecycle. We used SOAP UI and Burp Suite to test web services for security vulnerabilities.


DOI: https://doi.org/10.1007/978-981-10-5547-8_64