Remote agent based automated framework for threat modelling, vulnerability testing of SOA solutions and web services

Author

Patil, Prithviraj ; Pawar, Sunil

Author_Institution

TIBCO Softwares, Pune, India

fYear

2012

fDate

10-12 June 2012

Firstpage

127

Lastpage

131

Abstract

Web services are a widely touted technology that aims to provide tangible benefits to both business and IT. Their increasing use in the enterprise sector, for the integration of distributed systems and business critical functions, dictates the need for diverse security assurances. Existing security frameworks do provide comprehensive security testing, but are not flexible enough to handle complex, user defined threat scenarios. This paper identifies and details an approach for providing an automated mechanism, which has the capability to allow users to create their own complex threat scenarios and test them against highly distributed web services. This mechanism provides the user with the tools and information necessary to generate and implement user defined security tests. This mechanism should however be considered only as a user driven extension to existing web service security testing frameworks.

Keywords

Web services; business data processing; multi-agent systems; program testing; security of data; service-oriented architecture; SOA solutions; business critical functions; distributed Web service security testing frameworks; distributed systems; enterprise sector; remote agent based automated framework; security assurances; threat modelling; user defined security tests; vulnerability testing; Java; Monitoring; Security; Simple object access protocol; Testing; Tutorials; extensible automated framework; security testing; user driven test scenarios; web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet Security (WorldCIS), 2012 World Congress on

Conference_Location

Guelph, ON

Print_ISBN

978-1-4673-1108-3

Type

conf

Filename

6280213