Title :
A New Approach towards DoS Penetration Testing on Web Services
Author :
Falkenberg, Andreas ; Mainka, Christian ; Somorovsky, Juraj ; Schwenk, Joerg
Author_Institution :
SEC Consult Deutschland Unternehmensberatung GmbH, Germany
fDate :
June 28 2013-July 3 2013
Abstract :
SOAP-based Web services is a middleware technology marketed as the solution to easy data exchange between heterogeneous IT architectures. The large number of scenarios, in which this technology is used, has introduced demands for new extensions raising its complexity. However, this has also introduced a large variety of new attacks. In this paper, we investigate an automatic evaluation of Web service specific Denial of Service (DoS) attacks. We present a new fully automated plugin for the WS-Attacker penetration testing tool implementing major DoS attacks. Our tool determines the attack success without having physical access to the target machine, using a novel blackbox approach. We give an overview of our design decisions and present the evaluation results using common Web service frameworks and systems.
Keywords :
Web services; computer network security; electronic data interchange; middleware; program testing; DoS attacks; DoS penetration testing; SOAP-based Web services; WS-attacker penetration testing tool; automated plugin; blackbox approach; data exchange; denial of service attack; heterogeneous IT architectures; middleware technology; Computer crime; Payloads; Servers; Simple object access protocol; Testing; XML; Denial- of-Service; Penetration Testing Tool; SOAP-based Web services; WS-Attacker; WS-Security;
Conference_Titel :
Web Services (ICWS), 2013 IEEE 20th International Conference on
Conference_Location :
Santa Clara, CA
Print_ISBN :
978-0-7695-5025-1
DOI :
10.1109/ICWS.2013.72
