Web Services Pen-testing Framework for Cyber Security : A Review

Authors

  • Yash Patel  Research Scholar, MTECH Department, Raksha Shakti University, Ahmedabad, Gujarat, India
  • Ravi Sheth  Assistant Professor, MTECH Department, Raksha Shakti University, Ahmedabad, Gujarat, India

Keywords:

Web Application, Penetration Testing, Web Services, XML (Extensible Markup Language), SOAP (Simple Object Access Protocol), XPath (XML Path Language)

Abstract

Every single day highly trained Hackers breach the security & take advantage of vulnerabilities to access the confidential and sensitive data. To overcome such problem, the first solution was suggested named Vulnerability Assessment and Penetration Testing (VAPT). However, Penetration testing is done for security holes identification. This paper gives an overview of the stages of penetration testing in a web application for web services. In web services pen-testing, generally, we test for attacks like Web services Foot-printing Attack, Probing Attack, XML Poisoning, and SOAP Injection.

References

  1. EC-Council Certified Security Analyst (ECSA) v8 Slides.pdf
  2. SACHIN UMRA, MANDEEP KAUR & GOVIND KUMAR GUPTA, VULNERABILITY ASSESSMENT
  3. AND PENETRATION TESTING, International Journal of Computer & Communication Technology ISSN (PRINT): 0975 - 7449, Volume-3, Issue-6, 7, 8, 2012.
  4. https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)
  5. Sadeeq Jan, Cu D. Nguyen, Andrea Arcuri, Lionel Briand, A Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications, 10th IEEE International Conference on Software Testing, Verification and Validation.
  6. Proceedings of the 7th IEEE International Symposium on High Assurance Systems Engineering (HASE’02)1530-2059/02 $17.00 © 2002 IEEE
  7. M. Aoyama, S. Weerawarana, H. Maruyama, C.   Szyperski,. Sullivan, and D. Lea. Web services engineering: Promises and challenges. In Proceedings of the 24th International Conference on Software Engineering, pages 647–648, Orlando, Florida, May 2002.
  8. J. Clabby. Web services explained: Solutions and applications for the real world. Pearson Education Inc., 2003
  9. https://en.wikipedia.org/wiki/XML

IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology

Downloads

Published

2017-12-31

Issue

Volume 2, Issue 6, November-December-2017

Section

Research Articles

License

Copyright (c) IJSRCSEIT

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
Yash Patel, Ravi Sheth, " Web Services Pen-testing Framework for Cyber Security : A Review, IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology(IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 6, pp.1086-1088, November-December-2017.