Challenges of Testing Web Services and Security in SOA Implementations

Barbir, Abbie; Hobbs, Chris; Bertino, Elisa; Hirsch, Frederick; Martino, Lorenzo D.

doi:10.1007/978-3-540-72912-9_14

Cited by 24 publications

(10 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Trust computing must ensure messages are protected against malicious parties, preventing they are accessed or modified by unauthorized parties. The new extensions for SQL mutations mentioned above can address some of the vulnerabilities of Web services related to SQL and XPath [2,13]. Web Services Security (WS-Security) [36], published by Advancing Open Standards for the Information Society (OASIS), is an initiative to establish standards to apply security to Web services.…”

Section: Resultsmentioning

confidence: 99%

Improving data perturbation testing techniques for Web services

Melo

Silveira

2011

Information Sciences

View full text Add to dashboard Cite

Section: Resultsmentioning

confidence: 99%

Improving data perturbation testing techniques for Web services

Melo

Silveira

2011

Information Sciences

View full text Add to dashboard Cite

“…A challenge for the SOA application developer is to provide end-to-end security over a possibly untrustworthy network [2]. This means an application developer must establish trust across a large number of autonomous nodes that can be web servers, application servers, databases, enterprise service buses (ESBs), service registries, service repositories, individual services, and other nodes.…”

Section: F Distributed and Untrusted Network And Channelmentioning

confidence: 99%

Information assurance challenges and strategies for securing SOA environments and web services

Simanta

Morris

Balasubramaniam

et al. 2009

2009 3rd Annual IEEE Systems Conference

View full text Add to dashboard Cite

The potential benefits of business agility, flexibility, and reuse associated with SOA are well known today. However, these benefits do not come without a cost of their own, particularly regarding security. The primary goal to make web services widely accessible can also make them vulnerable. This paper examines the key challenges for securing service-oriented environments and identifies the important information assurance strategies that are necessary to mitigate and manage the security risks in an SOA environment.

show abstract

“…Those clarifications and amendments become manifest in so-called requirements together with some explaining text and, in case of the RSP, test expressions for evaluating SOAP messages. In (Barbir, Hobbs et al 2007), one of the BSP editors explains that by using the requirements "the BSP limits the set of common functionality that vendors must implement and thus enhances the chances for interoperability. This in return reduces the complexities for the testing of Web Services security."…”

Section: Ws-i To the Rescue?mentioning

confidence: 99%

Interoperability and Functionality of WS-* Implementations

Schönberger

Schwalb²,

Wirtz

2012

International Journal of Web Services Research

View full text Add to dashboard Cite

Recently, the Web Services Interoperability Organization (WS-I) has announced to have completed its interoperability standards work. The latest deliverables include the so-called “Basic Security Profile” and the “Reliable Secure Profile.” This gives rise to the question whether or not Web Services adopters can rely on interoperability and functionality of Web Services stacks, in particular in terms of security and reliability features. To answer this question, the authors thoroughly analyze two important Web Services stacks for interoperability of WS-Security and WS-ReliableMessaging features. Their analysis shows that security and reliability features are far from being implemented in an interoperable manner. Additionally, they reveal that some of those interoperability problems are not even covered by WS-I profiles and therefore conclude that WS-I’s work has not yet resulted in Web Services interoperability. Finally, the authors investigate support for the so-called “Secure WS-ReliableMessaging Scenario” in order to find out whether WS-* adopters can at least rely on the availability of real-world functionality in homogeneous environments.

show abstract

Challenges of Testing Web Services and Security in SOA Implementations

Cited by 24 publications

References 18 publications

Improving data perturbation testing techniques for Web services

Improving data perturbation testing techniques for Web services

Information assurance challenges and strategies for securing SOA environments and web services

Interoperability and Functionality of WS-* Implementations

Contact Info

Product

Resources

About