A Web services vulnerability testing approach based on combinatorial mutation and SOAP message mutation

Jinfu Chen, Qing Li, Chengying Mao, Dave Towey, Yongzhao Zhan, Huanhuan Wang

Research output: Journal PublicationArticlepeer-review

16 Citations (Scopus)

Abstract

The testing of Web services is an essential aspect of their quality assurance, however, because this testing often involves injecting only one mutant at one time, some vulnerability faults cannot be detected. To address this, the current paper presents a set of mutation operators that can be combined and defines the corresponding combinatorial strategies based on data perturbation and combinatorial testing. Based on this, multiple mutants can be injected at one time to help uncover interactive faults. To improve testing efficiency and effectiveness, a combinatorial testing approach focusing on Web service vulnerability is proposed: Firstly, initial test data are generated with perturbation techniques based on Web Services Description Language documents and Simple Object Access Protocol messages. Then, a combinatorial testing cases generation (CTCG) algorithm is used to generate the final combinatorial test data according to the proposed strategies. Furthermore, for some special Web services in which there is only one parameter or one method in service interface, a fuzzy mutation approach algorithm, as a complementary approach to CTCG, is also proposed. Finally, some testing experiments are conducted to verify the effectiveness of the proposed approaches in an integrated testing platform. The experiments show that proposed approaches are both feasible and effective: They can find more vulnerability faults than the traditional approaches.

Original languageEnglish
Pages (from-to)1-13
Number of pages13
JournalService Oriented Computing and Applications
Volume8
Issue number1
DOIs
Publication statusPublished - Mar 2014
Externally publishedYes

Keywords

  • Combinatorial testing
  • Mutation operator
  • SOAP message mutation
  • Vulnerability testing
  • Web services testing

ASJC Scopus subject areas

  • Software
  • Management Information Systems
  • Information Systems
  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'A Web services vulnerability testing approach based on combinatorial mutation and SOAP message mutation'. Together they form a unique fingerprint.

Cite this