Web Services Security Risk Assessment

With the development of computer network and the popularization of Internet, the Web, as a large-scale storage of on-line information, makes it easier to visit customers and gains resources, and on-line security risks reach an unprecedented height. As Web is evolving, Web services have become the new web application architecture, and have entered into the latest stage in the computer world. From the user's point of view, Web services are objects deployed on the Web. If it is said that the problem that traditional Web application technology to solve is how people use the services provided by Web applications, the Web services is how computer systems use the services provided by the Web application.With the maturity of Web services technology and the proliferation of the entire network, Web services security issues have drawn increasing attention. The technology can not fimdamentally solve the problem of the security of Web services alone. Web services security should be treated from the perspective of project, and risk assessment occupies an important position in this project, which is the foundation and precondition of Web services security. Therefore, Web services security risk assessment study is very necessary.At present, the domestic and international relevant criteria, assessment methods of information security risk assessment are relatively mature. There are a lot of good information security risk assessment tools in the market, but there are no the relevant criteria, assessment methods of Web services security risk assessment for reference, and the number of Web services security risk assessment tools are also very few.On the basis of the study on Web services and information security risk assessment, and further study on Web services security, the paper carries out useful exploration about Web services security risk assessment, and achieves an effective Web services security risk assessment auxiliary tool. Main results of the paper are as follows: First of all, the thesis discusses Web services security risk assessment, and puts forward the Web services security risk assessment process and the Web services security risk assessment algorithm. Secondly, it deals with the risk value by introducing fuzzy algorithm. Third, an effective Web services security risk assessment auxiliary tool is achieved by programming. In the implementation of Web services security risk assessment auxiliary tool, Web services vulnerabilities are determined by the method of combining X-scan scanning and the survey. It gives the determination method of Web services vulnerabilities risk-level and standards of Web services vulnerability parameters, formates scientific and reasonable questionnaire which are detailed and brief respectively, generates the evaluation report including text, tables, graphics and so on, and increases the user's intuitive understanding of the target system security.Finally, this thesis introduces the experimental environment, process and analysis of the result. Experimental result shows that Web services security risk assessment auxiliary tool gives the risk lever of target system, the expected design goal has been achieved basically, proves that Web services security risk assessment tool is feasible; generates Web services security risk assessment report, and obtains the detail situation of Web services security about the target system, the assessment result provided a scientific and credible basis for user's next task in the risk management.