Benchmarking Vulnerability Detection Tools for Web Services

Nuno Antunes; Marco Vieira

doi:10.1109/ICWS.2010.76

I
ICWS
2010
2010 IEEE International Conference on Web Services
Abstract - Benchmarking Vulnerability Detection Tools for Web Services

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nuno Antunes Articles by Marco Vieira

2010 IEEE International Conference on Web Services

Benchmarking Vulnerability Detection Tools for Web Services

Miami, Florida

July 05-July 10

ISBN: 978-0-7695-4128-0

	ASCII Text	x
	Nuno Antunes, Marco Vieira, "Benchmarking Vulnerability Detection Tools for Web Services," 2012 IEEE 19th International Conference on Web Services, pp. 203-210, 2010 IEEE International Conference on Web Services, 2010.

	BibTex	x
	@article{ 10.1109/ICWS.2010.76, author = {Nuno Antunes and Marco Vieira}, title = {Benchmarking Vulnerability Detection Tools for Web Services}, journal ={2012 IEEE 19th International Conference on Web Services}, volume = {0}, year = {2010}, isbn = {978-0-7695-4128-0}, pages = {203-210}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICWS.2010.76}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - 2012 IEEE 19th International Conference on Web Services TI - Benchmarking Vulnerability Detection Tools for Web Services SN - 978-0-7695-4128-0 SP203 EP210 A1 - Nuno Antunes, A1 - Marco Vieira, PY - 2010 KW - web-services KW - security KW - vulnerability detection KW - benchmarking VL - 0 JA - 2012 IEEE 19th International Conference on Web Services ER -

Nuno Antunes

Marco Vieira

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICWS.2010.76

Vulnerability detection tools are frequently considered the silver-bullet for detecting vulnerabilities in web services. However, research shows that the effectiveness of most of those tools is very low and that using the wrong tool may lead to the deployment of services with undetected vulnerabilities. In this paper we propose a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define a concrete benchmark for SQL Injection vulnerability detection tools. This benchmark is demonstrated by a real example of benchmarking several widely used tools, including four penetration-testers, three static code analyzers, and one anomaly detector. Results show that the benchmark accurately portrays the effectiveness of vulnerability detection tools and suggest that the proposed approach can be applied in the field.

Index Terms:

web-services, security, vulnerability detection, benchmarking

Citation:

Nuno Antunes, Marco Vieira, "Benchmarking Vulnerability Detection Tools for Web Services," icws, pp.203-210, 2010 IEEE International Conference on Web Services, 2010

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.