Detecting Vulnerabilities in Service Oriented Architectures

Author

Antunes, Nuno ; Vieira, Marco

Author_Institution

Dept. of Inf. Eng., Univ. of Coimbra, Coimbra, Portugal

fYear

2012

fDate

27-30 Nov. 2012

Firstpage

134

Lastpage

139

Abstract

The adoption of Service Oriented Architectures (SOAs) in a wide range of organizations, including business-critical systems, opens the door to new security challenges. Although the services used should be secure and reliable, they are often deployed with security bugs that can be maliciously exploited. The problem is that developers are frequently not specialized on security and the common time-to-market constraints limits an in depth test for vulnerabilities. Additionally, research and practice shows that the effectiveness of existing vulnerability detection tools is very poor. The goal of this work is to advance the state-of-the-art by investigating new techniques and tools to effectively detect vulnerabilities in SOAs in an automated manner. Instrumental in this work is to propose a benchmarking approach that allows assessing and comparing vulnerability detection tools, thus helping guiding tools development and improvement, and allowing users to select the most effective ones according to specific needs.

Keywords

security of data; service-oriented architecture; SOA; benchmarking approach; business-critical systems; common time-to-market constraints limits; guiding tools development; security bugs; service oriented architectures; vulnerability detection tools; Benchmark testing; Monitoring; Runtime; Security; Service oriented architecture; SOA; benchmarking; security; vulnerabilities; vulnerability detection; web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Reliability Engineering Workshops (ISSREW), 2012 IEEE 23rd International Symposium on

Conference_Location

Dallas, TX

Print_ISBN

978-1-4673-5048-8

Type

conf

DOI

10.1109/ISSREW.2012.33

Filename

6405430