IEEE Transactions on Services Computing
IEEE Transactions on Services Computing (TSC) is a journal that focuses on research on the algorithmic, mathematical, statistical and computational methods that are central in services computing; the emerging field of Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, Services Operations and Management.
From the March/April 2015 issue
Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples
By Nuno Antunes and Marco Vieira
Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-critical web services. Research and practice show that state-of-the-art tools present low effectiveness both in terms of vulnerability coverage and false positive rates. The main problem is that such tools are typically limited in the detection approaches implemented, and are designed for being applied in very concrete scenarios. Thus, using the wrong tool may lead to the deployment of services with undetected vulnerabilities. This paper proposes a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define two concrete benchmarks for SQL Injection vulnerability detection tools. The first is based on a predefined set of web services, and the second allows the benchmark user to specify the workload that best portrays the specific characteristics of his environment. The two benchmarks are used to assess and compare several widely used tools, including four penetration testers, three static code analyzers, and one anomaly detector. Results show that the benchmarks accurately portray the effectiveness of vulnerability detection tools (in a relative manner) and suggest that the proposed benchmarking approach can be applied in the field.
Editorials and Announcements
- Get Your Journals as eBooks for Free
- Congrats to TSC's Editor-in-Chief, Ling Liu, on winning the 2012 IEEE Computer Society Technical Achievement Award!
- TSC celebrates its 5th anniversary
- Editorial: Service Computing in 2015 (Jan-Feb 2015)
- Editorial: Service Computing in the Next Seven Years (Oct-Dec 2014)
- Editorial: A Message from the Editor-in-Chief (Apr-June 2013)
- Introduction of new Associate Editors (Jan-Mar 2013)
- Editorial: A message from the new Editor-in-Chief (Jan-Mar 2013)
- Editorial: Farewell and Introduction to the New Editor-in-Chief (Jan-Mar 2013)
- Editorial: Moving to the Fifth Year of TSC (Jan-Mar 2012)
- Guest Editorial: Special Issue on Clouds for Social Computing (July-Sept 2014)
- Guest Editorial: Special Section on Social and Economic Computing (Apr-June 2013)
- Guest Editorial: Special Issue on Cloud Computing (Oct-Dec 2012)
- Guest Editorial: Special Section on Enforcement and Management in Services Computing (Apr-Jun 2012)
Call for Papers
- Special Issue on Security and Dependability of Cloud Systems and Services (PDF)
Submission Deadline: May 31, 2015.
- Special Issue on Service-Oriented Collaborative Computing and Applications (PDF)
Submission Deadline: June 15, 2015.
- Special Issue on Services and Software Engineering towards Internetware (PDF)
Submission Deadline: October 1, 2015.
- Special Issue on Software Engineering and Applications for Cloud-based Mobile Systems (PDF)
Submission Deadline: November 1, 2015.