Security testing methodology for vulnerabilities detection of XSS in web services and WS-Security

摘要

Websites, like most other software components, are vulnerable to attacks. Cross-site scripting (XSS) attacks are a type of malicious code injection in which malicious scripts are injected into websites. Currently, many websites are used to execute software components called web services. In my opinion, web services can be considered the most important components to integrate different software technologies. Web services security, defined in the Web Services Security (WS-Security) standard, is important for analyzing XSS attacks. In this paper, the authors analyze the robustness of web services using security testing techniques. This is a very practical paper. The authors describe in detail how to test vulnerabilities in web services, and how to discover new vulnerabilities during software development before attackers exploit them. The paper shows how certain tools can be used to analyze the presence of vulnerabilities in web services and emulate an XSS attack. In addition, the authors analyze the robustness of web services with WS-Security, and security tokens against an XSS attack.