TY - JOUR
T1 - A Web services vulnerability testing approach based on combinatorial mutation and SOAP message mutation
AU - Chen, Jinfu
AU - Li, Qing
AU - Mao, Chengying
AU - Towey, Dave
AU - Zhan, Yongzhao
AU - Wang, Huanhuan
N1 - Funding Information:
Acknowledgments: This work was supported by the National Natural Science Foundation of China (NSFC) under Grants No. 61202110 and No. 61063013, the Natural Science Foundation of Jiangsu Province under Grant No. BK2012284, and the Research Fund for the Doctoral Program of Higher Education of China under Grant No. 2010322 7120005.
PY - 2014/3
Y1 - 2014/3
N2 - The testing of Web services is an essential aspect of their quality assurance. However, because this testing often involves injecting only one mutant at a time, some vulnerability faults cannot be detected. To address this, the current paper presents a set of mutation operators that can be combined and defines the corresponding combinatorial strategies based on data perturbation and combinatorial testing. Based on this, multiple mutants can be injected at one time to help uncover interactive faults. To improve testing efficiency and effectiveness, a combinatorial testing approach focusing on Web service vulnerability is proposed. First, initial test data are generated with perturbation techniques based on Web Services Description Language documents and Simple Object Access Protocol messages. Then, a combinatorial testing cases generation (CTCG) algorithm is used to generate the final combinatorial test data according to the proposed strategies. Furthermore, for some special Web services in which there is only one parameter or one method in the service interface, a fuzzy mutation approach algorithm, as a complementary approach to CTCG, is also proposed. Finally, some testing experiments are conducted to verify the effectiveness of the proposed approaches in an integrated testing platform. The experiments show that the proposed approaches are both feasible and effective: they can find more vulnerability faults than the traditional approaches.
KW - Combinatorial testing
KW - Mutation operator
KW - SOAP message mutation
KW - Vulnerability testing
KW - Web services testing
UR - http://www.scopus.com/inward/record.url?scp=84894269062&partnerID=8YFLogxK
U2 - 10.1007/s11761-013-0139-1
DO - 10.1007/s11761-013-0139-1
M3 - Article
AN - SCOPUS:84894269062
SN - 1863-2386
VL - 8
SP - 1
EP - 13
JO - Service Oriented Computing and Applications
JF - Service Oriented Computing and Applications
IS - 1
ER -