مرکز منطقه ای اطلاع رساني علوم و فناوري - A HYBRID APPROACH FOR SOFTWARE SECURITY TESTS OF WEB SERVICES

Abstract :

As nowadays technology appeals to all parts of the society, different needs have appeared. While web and mobile applications make daily life easier; data transfer among different systems has been a necessity with variety of web, mobile and desktop software. Web services are used for data transfer among databases of different systems and for platform independent communication. Security and privacy in web services, which connect different systems, are very important as they are in web applications. Users perform vital transactions online trusting the services. In web service applications, security risks are decreased with security precautions during the first phases of developing a software. If a software is evaluated by only one test model during security testing, potential security vulnerabilities cannot be detected adequately. In this research, a hybrid model was proposed for testing web service security. In this hybrid model, parts which need attention while developing a web service were detected with static, dynamic and code review methods during security testing. User authentication, which is a requirement in web services, and security vulnerabilities which may occur depending on programming languages were explained with sample codes. In the last section of this research, the benchmark web services were tested with the hybrid model by using open source software and the validity of the model was put forward with the results.