Combinatorial Mutation Approach to Web Service Vulnerability Testing Based on SOAP Message Mutations

Web services testing is one of the most important techniques used to assure the quality of Web services at present. Currently, Web service testing has been only focused on one mutant injected at one time. Thus, based on data perturbation and combinatorial testing techniques, this paper presents a set of mutation operators that can be combined, and defines corresponding combinatorial strategies. Multiple mutants are injected at one time. In order to improve the testing efficiency and effect, a combinatorial approach for testing Web service vulnerability is proposed. Firstly, based on WSDL (Web Service Description Language) documents and SOAP (Simple Object Access Protocol) messages, the initial test data are generated by perturbation techniques. Then CTCG (Combinatorial Testing Cases Generation) algorithm is proposed and called to generate the final combinatorial test data according to combinatorial strategies. Finally, some preliminary experiments are conducted in an integration testing platform to verify the applicability of the proposed approach. The experimental results show that the approach is more cost-effective.