• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2007, Vol. 29 ›› Issue (10): 11-13.

• Papers •

Research on Web Services Security Testing Techniques

施寅生 邓世伟 谷天阳   

  • Online:2007-10-01 Published:2010-06-02

Abstract:

Web services are being applied ever more widely, and the security flaws and vulnerabilities in them are growing in number, so Web services security has become an increasingly prominent problem. Web services security testing is an important means of ensuring the security of Web services software and reducing security risk. This paper presents a Web services security testing framework and discusses the main security function requirements of Web services, the standards that implement them, and the general principles of security function testing. From the perspective of attacks on Web services, it then gives a systematic introduction to Web services security vulnerability testing and analyzes the common vulnerabilities and the methods for testing them.

Key words: Web services, security testing, schema poisoning, routing detours, WSDL scanning