A New Approach towards DoS Penetration Testing on Web Services
作者: Andreas Falkenberg , Christian Mainka , Juraj Somorovsky , Jorg Schwenk
DOI: 10.1109/ICWS.2013.72
关键词:
摘要: SOAP-based Web services is a middleware technology marketed as the solution to easy data exchange between heterogeneous IT architectures. The large number of scenarios, in which this used, has introduced demands for new extensions raising its complexity. However, also variety attacks. In paper, we investigate an automatic evaluation service specific Denial Service (DoS) We present fully automated plugin WS-Attacker penetration testing tool implementing major DoS Our determines attack success without having physical access target machine, using novel blackbox approach. give overview our design decisions and results common frameworks systems.
sci-hub.se 参考文章(11)
Juraj Somorovsky, Marco Kampmann, Meiko Jensen, Jörg Schwenk, Andreas Mayer, On breaking SAML: be whoever you want to be usenix security symposium. pp. 21- 21 ,(2012)
Tibor Jager, Sebastian Schinzel, Juraj Somorovsky, Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption Computer Security – ESORICS 2012. pp. 752- 769 ,(2012) , 10.1007/978-3-642-33167-1_43
Meiko Jensen, Nils Gruschka, Ralph Herkenhöner, A survey of attacks on web services Classification and countermeasures Computer Science - Research and Development. ,vol. 24, pp. 185- 197 ,(2009) , 10.1007/S00450-009-0092-6
Scott A. Crosby, Dan S. Wallach, Denial of service via algorithmic complexity attacks usenix security symposium. pp. 3- 3 ,(2003)
ASP.NET Web Services Wiley-IEEE Press. pp. 721- 893 ,(2010) , 10.1002/9780470567845.CH9
Christian Mainka, Juraj Somorovsky, Jorg Schwenk, Penetration Testing Tool for Web Services Security world congress on services. pp. 163- 170 ,(2012) , 10.1109/SERVICES.2012.7
Rui Andre Oliveira, Nuno Laranjeiro, Marco Vieira, Experimental Evaluation of Web Service Frameworks in the Presence of Security Attacks 2012 IEEE Ninth International Conference on Services Computing. pp. 633- 640 ,(2012) , 10.1109/SCC.2012.52
Tibor Jager, Juraj Somorovsky, How to break XML encryption Proceedings of the 18th ACM conference on Computer and communications security - CCS '11. pp. 413- 422 ,(2011) , 10.1145/2046707.2046756
Nils Gruschka, Luigi Lo Iacono, Vulnerable Cloud: SOAP Message Security Validation Revisited international conference on web services. pp. 625- 631 ,(2009) , 10.1109/ICWS.2009.70
Asir S Vedamuthu, Toufic Boubez, David Orchard, Maryann Hondo, Frederick Hirsch, Web Services Policy 1.5 - Framework ,(2007)