Survey on a Novel Approach for Web Service - Security Testing to Improve Web Service Robustness

To have flexibility of providing services available (in service oriented architecture) across various platform, we need to expose web services due to its open nature in the system. The use of web services in todays industry has been widely grown, which causes to the new security challenges. Increasing demand has increased challenges on information security, it becomes important to provide robustness to the web services. The various web services attacks such as XML injection, XPath Injection, Cross-site scripting (XSS), that corrupts web services requests to maliciously harm web service which may in turn provide unwanted information, which harmful to the organization. Studies has shown that current different testing available techniques such as penetration testing and fuzzy scanning- generates several false results i. e. positive and negative indications. However, fault injection technique improves robustness of web service application, through greater flexibility to modify the test cases and find software bugs. This work describes the fault injection technique with WS-Security (UsernameToken) to evaluate robustness of web services and development of set of rules to determine vulnerability analysis, resulting on the improvement of vulnerability detector accuracy.