{"title":"SOA-Scanner: An Integrated Tool to Detect Vulnerabilities in Service-Based Infrastructures","authors":"Nuno Antunes, M. Vieira","doi":"10.1109/SCC.2013.28","DOIUrl":null,"url":null,"abstract":"Service Oriented Architectures are nowadays used in a wide range of organizations to support critical daily operations. Although the underlying services should behave in a secure manner, they are often deployed with bugs that can be maliciously exploited. The characteristics of service-based environments open the door to security challenges that must be handled properly, including services under the control of multiple providers and dynamism of interactions and compositions. This paper presents an extensible tool able to widely test such infrastructures for vulnerabilities. The tool is based in an iterative process that uses interface monitoring to automatically monitor and discover the existing services, resources and interactions, and applies different testing approaches depending on the level of access to each existing services. Two case studies has been developed do demonstrate the tool, and results show that the tool can effectively be used in different service-based scenarios, under different access conditions to the target services.","PeriodicalId":370898,"journal":{"name":"2013 IEEE International Conference on Services Computing","volume":"41 7","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Conference on Services Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCC.2013.28","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13
Abstract
Service Oriented Architectures are nowadays used in a wide range of organizations to support critical daily operations. Although the underlying services should behave in a secure manner, they are often deployed with bugs that can be maliciously exploited. The characteristics of service-based environments open the door to security challenges that must be handled properly, including services under the control of multiple providers and dynamism of interactions and compositions. This paper presents an extensible tool able to widely test such infrastructures for vulnerabilities. The tool is based in an iterative process that uses interface monitoring to automatically monitor and discover the existing services, resources and interactions, and applies different testing approaches depending on the level of access to each existing services. Two case studies has been developed do demonstrate the tool, and results show that the tool can effectively be used in different service-based scenarios, under different access conditions to the target services.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
