| Popis: |
Web Services are more and more used in designing and building systems in open and dynamic distributed environments. The security of these transactions is becoming a critical issue. This paper proposes a security testing method for stateful Web Services. We define some specific security rules with the Nomad language. Then, we construct test cases from a symbolic specification and test purposes derived from the previous rules. We present some experimentation results based on roughly 100 Web Services and we show that 11 percent have vulnerabilities, using the rules introduce in the article. |
