Vulnerability Testing Of Web Services Based On Combination Mutations Of Web Service Messages

Posted on: 2016-09-23
Degree: Master
Type: Thesis
Country: China
Candidate: X L Zhang
GTID: 2308330473965509
Subject: Information security

Abstract/Summary:
The interoperability of Web Services is the basis of Web Service integration and application. It supports an open and dynamic interoperability mode and can greatly reduce the cost and complexity of system integration. It has therefore gained attention and support from academia and industry. The core of Web Service is XML, SOAP, WSDL and UDDI. Web Services usually carry critical business of the application system, and security issues may cause great loss. Therefore, research on Web Service security testing is receiving more and more attention.

A Web Service vulnerability is, in essence, a security flaw that can endanger the security of the Web Service's usage strategy, resulting in wrong messages. Currently, Web Service testing focuses on functionality and reliability. In this thesis, we propose vulnerability testing of Web Services based on combination mutations of Web Service messages, and we also design a Web Service vulnerability testing tool. The main work is as follows:

1. For Web Services that have multiple methods (or parameters), we propose combination mutation: parse the WSDL files to obtain the original SOAP messages, and manually analyze the interactions of the parameters. Design the combined mutation operators on the basis of existing work by others. Generate the test cases using the One-test-at-a-time strategy to find security hazards caused by multi-parameter synergy.

2. A simple testing method for Web Services that have a single method (or parameter): this method is used to detect vulnerabilities in Web Services with only one method (or parameter). We extended the original mutation operators and designed different variation algorithms for the parameters of different types of services.

3. Design of the Web Service vulnerability testing tool: the system consists of four parts: the SOAP message generator module, the SOAP message variation module, the test case generation module and the safety analysis module. Its main function is to scan the WSDL files, generate the SOAP messages by dynamically parsing the WSDL file, call the appropriate test case generation algorithm to generate test cases, and use the test cases for Web Service vulnerability testing; the safety analysis module then performs the Web Service security analysis and gives the final test report.

Keywords/Search Tags: Web service, SOAP message, Vulnerability testing, test cases, mutation operator
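
The multi-parameter test generation described in item 1, as an added sketch that is not code from the thesis: a greedy one-test-at-a-time generator that covers every two-parameter value interaction and renders each test case as a SOAP request. Pairwise coverage, the `transfer` operation, its parameter names and the mutated values are assumptions made for illustration.

```python
import itertools
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
OPERATION = "transfer"  # hypothetical operation name
# Constructed mutation values per parameter (not the thesis's operators).
MUTATIONS = {
    "fromAccount": ["1001", "", "A" * 64],
    "toAccount": ["1002", "1001", ""],
    "amount": ["10", "-1", "0", "99999999999999999999"],
}

def pairs_of(test):
    """Parameter-value pairs (two-parameter interactions) exercised by one test."""
    items = sorted(test.items())
    return set(itertools.combinations(items, 2))

def all_pairs(params):
    """Every two-parameter interaction that the suite has to cover."""
    pairs = set()
    for a, b in itertools.combinations(sorted(params), 2):
        for va, vb in itertools.product(params[a], params[b]):
            pairs.add(((a, va), (b, vb)))
    return pairs

def one_test_at_a_time(params):
    """Greedy: add, one at a time, the test covering the most uncovered pairs."""
    names = sorted(params)
    candidates = [dict(zip(names, combo))
                  for combo in itertools.product(*(params[n] for n in names))]
    uncovered, suite = all_pairs(params), []
    while uncovered:
        best = max(candidates, key=lambda t: len(pairs_of(t) & uncovered))
        suite.append(best)
        uncovered -= pairs_of(best)
    return suite

def to_soap(operation, test):
    """Render one test case as a SOAP 1.1 request; values are XML-escaped."""
    ET.register_namespace("soap", SOAP_NS)
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, operation)
    for name, value in test.items():
        ET.SubElement(op, name).text = value
    return ET.tostring(envelope, encoding="unicode")

if __name__ == "__main__":
    suite = one_test_at_a_time(MUTATIONS)
    print(len(suite), "test cases instead of 36")
    print(to_soap(OPERATION, suite[0]))
```

The suite stays well below the 36 messages of the full Cartesian product while still exercising combinations such as identical source and destination accounts with a negative amount.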