Software Vulnerability Analysis for Web Services Software Systems

The use of Web Services has begun to significantly impact organizations and companies. Major business oriented objectives in reducing costs, shortening time, and improving quality and productivity can be achieved by using the Web Services technology. The Web Services software technology enables software components independently developed in disparate platforms to interact and collaborate in a seamless manner. They constitute a loosely-coupled, distributed system that is highly scalable. However, they also inherit the potential vulnerabilities of such systems. As Web Services increase in complexity and connectivity, the associated security risks also increase exponentially. Many of the security breaches can be traced back to poor verification and validation tasks. In this paper, a study on security related software vulnerabilities in SOAP-based Web Services is presented. The security context of traditional Web applications is compared to that of Web Services. An attempt has been made to map common attack patterns to security verification requirements with regard to Web Service software systems.