IEEE Transactions on Services Computing

IEEE Transactions on Services Computing (TSC) is a journal that focuses on research on the algorithmic, mathematical, statistical and computational methods that are central to services computing, including the emerging fields of Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management.

From the March/April 2015 issue

Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples

By Nuno Antunes and Marco Vieira

Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-critical web services. Research and practice show that state-of-the-art tools present low effectiveness both in terms of vulnerability coverage and false positive rates. The main problem is that such tools are typically limited in the detection approaches they implement, and are designed to be applied in very specific scenarios. Thus, using the wrong tool may lead to the deployment of services with undetected vulnerabilities. This paper proposes a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define two concrete benchmarks for SQL Injection vulnerability detection tools. The first is based on a predefined set of web services, and the second allows the benchmark user to specify the workload that best portrays the specific characteristics of their environment. The two benchmarks are used to assess and compare several widely used tools, including four penetration testers, three static code analyzers, and one anomaly detector. Results show that the benchmarks accurately portray the effectiveness of vulnerability detection tools (in a relative manner) and suggest that the proposed benchmarking approach can be applied in the field.

