{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T06:52:21Z","timestamp":1760597541206},"reference-count":49,"publisher":"Sociedade Brasileira de Computacao - SB","issue":"2","license":[{"start":{"date-parts":[[2012,7,14]],"date-time":"2012-07-14T00:00:00Z","timestamp":1342224000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/2.0"},{"start":{"date-parts":[[2012,7,14]],"date-time":"2012-07-14T00:00:00Z","timestamp":1342224000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/2.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Internet Serv Appl"],"published-print":{"date-parts":[[2012,9]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>The use of Web services in enterprise applications is quickly increasing. In a Web services environment, providers supply a set of services for consumers. However, although Web services are being used in business-critical environments, there are no practical means to test or compare their robustness to invalid and malicious inputs. In fact, client applications are typically developed with the assumption that the services being used are robust, which is not always the case. Robustness failures in such environments are particularly dangerous, as they may originate vulnerabilities that can be maliciously exploited, with severe consequences for the systems under attack. This paper addresses the problem of robustness testing in Web services environments. The proposed approach is based on a set of robustness tests (including both malicious and non-malicious invalid call parameters) that is used to discover programming and design errors. This approach, useful for both service providers and consumers, is demonstrated by two sets of experiments, showing, respectively, the use of Web services Robustness testing from the consumer and the provider points of view. The experiments comprise the robustness testing of 1,204 Web service operations publicly available in the Internet and of 29 home-implemented services, including two different implementations of the Web services specified by the standard TPC-App performance benchmark. Results show that many Web services are deployed with critical robustness problems and that robustness testing is an effective approach to improve services quality.<\/jats:p>","DOI":"10.1007\/s13174-012-0062-2","type":"journal-article","created":{"date-parts":[[2012,7,14]],"date-time":"2012-07-14T04:29:51Z","timestamp":1342240191000},"page":"215-232","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["A robustness testing approach for SOAP Web services"],"prefix":"10.5753","volume":"3","author":[{"given":"Nuno","family":"Laranjeiro","sequence":"first","affiliation":[]},{"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[]},{"given":"Henrique","family":"Madeira","sequence":"additional","affiliation":[]}],"member":"3742","published-online":{"date-parts":[[2012,7,14]]},"reference":[{"key":"62_CR1","volume-title":"Java Web services: using java in service-oriented architectures","author":"DA Chappel","year":"2002","unstructured":"Chappel DA, Jewell T (2002) Java Web services: using java in service-oriented architectures, O\u2019Reilly"},{"key":"62_CR2","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1109\/4236.991449","volume":"6","author":"F Curbera","year":"2002","unstructured":"Curbera F et al (2002) Unraveling the Web services web: an introduction to SOAP, WSDL, and UDDI. IEEE Internet Comput 6:86\u201393","journal-title":"IEEE Internet Comput"},{"key":"62_CR3","unstructured":"Bellwood T (ed) (2002) UDDI Version 2.04 API Specification. http:\/\/uddi.org\/pubs\/ProgrammersAPI_v2.htm"},{"key":"62_CR4","unstructured":"Andrews T et al. (2003) Business process execution language for Web services, v. 1.1"},{"issue":"5","key":"62_CR5","doi-asserted-by":"publisher","first-page":"455","DOI":"10.1109\/32.387474","volume":"21","author":"I Lee","year":"1995","unstructured":"Lee I, Iyer RK (1995) Software dependability in the tandem GUARDIAN system. IEEE Trans Softw Eng 21(5):455\u2013467","journal-title":"IEEE Trans Softw Eng"},{"key":"62_CR6","unstructured":"Kalyanakrishnam M, Kalbarczyk Z, Iyer R (1999) Failure data analysis of a LAN of windows NT based computers. In: Symposium on reliable distributed database systems, SRDS18, Switzerland"},{"key":"62_CR7","unstructured":"Sullivan M, Chillarege R (1991) Software defects and their impact on systems availability. A study of field failures on operating systems. In: Proceedings of the 21st Fault Tolerant Computing, symposium, FTCS-21, pp 2\u20139"},{"key":"62_CR8","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/52.714817","volume":"15","author":"E Weyuker","year":"1998","unstructured":"Weyuker E (1998) Testing component-based software: a cautionary tale. IEEE Softw 15:54\u201359","journal-title":"IEEE Softw"},{"issue":"6","key":"62_CR9","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1109\/32.601075","volume":"23","author":"A Mukherjee","year":"1997","unstructured":"Mukherjee A, Siewiorek DP (1997) Measuring software dependability by robustness benchmarking. IEEE Trans Softw Eng 23(6):366\u2013378","journal-title":"IEEE Trans Softw Eng"},{"key":"62_CR10","doi-asserted-by":"crossref","unstructured":"Rodrguez M, Salles F, Fabre J-C, Arlat J (1999) MAFALDA: microkernel assessment by fault injection and design aid. In: 3rd European dependable computing conference, EDCC-3","DOI":"10.1007\/3-540-48254-7_11"},{"key":"62_CR11","doi-asserted-by":"crossref","unstructured":"Koopman P, DeVale J (1999) Comparing the robustness of POSIX operating systems. In: Twenty-Ninth annual international symposium on fault-tolerant computing, 1999. Digest of Papers, pp 30\u201337","DOI":"10.1109\/FTCS.1999.781031"},{"key":"62_CR12","doi-asserted-by":"crossref","unstructured":"Vieira M, Laranjeiro N, Madeira H (2007) Benchmarking the robustness of Web-services. In: Proceedings of the The 13th IEEE Pacific Rim dependable computing conference, PRDC07. Melbourne, Victoria, Australia","DOI":"10.1109\/PRDC.2007.56"},{"key":"62_CR13","volume-title":"Service-oriented architecture: concepts, technology, and design","author":"T Erl","year":"2005","unstructured":"Erl T (2005) Service-oriented architecture: concepts, technology, and design. Prentice Hall, Upper Saddle River"},{"key":"62_CR14","unstructured":"Gudgin M et al. (2007) SOAP Version 1.2 Part 1: Messaging frame-work, 2nd edn, Web Services Activity: XML Protocol Working Group. http:\/\/www.w3.org\/TR\/soap\/"},{"key":"62_CR15","unstructured":"Miller BP, Koski D, Lee CP, Maganty V, Murthy R, Natarajan A, Steidl J (1995) Fuzz revisited: a re-examination of the reliability of UNIX utilities and services, University of Wisconsin, USA, Research, Report, CS-TR-95-1268"},{"key":"62_CR16","doi-asserted-by":"crossref","unstructured":"Siewiorek DP, Hudak JJ, Suh B-H, Segall Z (1993) Development of a benchmark to measure system robustness. In: 23rd International symposium on fault-tolerant computing, FTCS-23. Toulouse, France, pp 88\u201397","DOI":"10.1109\/FTCS.1993.627311"},{"key":"62_CR17","unstructured":"Carrette GJ (1996) CRASHME: random input testing. http:\/\/people.delphi.com\/gjc\/crashme.html"},{"key":"62_CR18","unstructured":"Fabre J-C, Salles F, Rodr\u2019guez Moreno M, Arlat J (1999) Assessment of COTS microkernels by fault injection. In: 7th IFIP working conference on dependable computing for critical applications: DCCA-7. CA, USA, San Jose"},{"key":"62_CR19","doi-asserted-by":"crossref","unstructured":"Koopman P et al (1997) Comparing operating systems using robustness benchmarks. The sixteenth symposium on reliable distributed systems, In, pp 72\u201379","DOI":"10.1109\/RELDIS.1997.632800"},{"key":"62_CR20","unstructured":"Shelton C, Koopman P, Vale KD (2000) Robustness testing of the microsoft Win32 API. In: International conference on dependable systems and networks, DSN2000. NY, USA, New York"},{"key":"62_CR21","unstructured":"Pan J, Koopman PJ, Siewiorek DP, Huang Y, Gruber R, Jiang ML (2001) Robustness testing and hardening of CORBA ORB implementations. In: Proceedings of the 2001 international conference on dependable systems and networks, DSN-2001. Gothenburg, Sweden, pp 141\u201350"},{"key":"62_CR22","unstructured":"Rodrguez M, Albinet A, Arlat J (2002) MAFALDA-RT: a tool for dependability assessment of real-time systems. In: IEEE\/IFIP international conference on dependable systems and networks, DSN (2002) Bethesda MD , USA"},{"key":"62_CR23","unstructured":"Rodrguez M, Fabre J-C, Arlat J (2001) Dependability assessment of real-time systems, LAAS-CNRS, Research, Report, N01\u2013189"},{"key":"62_CR24","doi-asserted-by":"crossref","unstructured":"Marsden E, Fabre J-C (2001) Failure mode analysis of CORBA service implementations. In: Proceedings of the IFIP\/ACM international conference on distributed systems platforms, Middleware\u20192001. Germany, Heidelberg","DOI":"10.1007\/3-540-45518-3_12"},{"key":"62_CR25","doi-asserted-by":"crossref","unstructured":"Mendona M, Neves N (2007) Robustness testing of the windows DDK. In: 37th Annual IEEE\/IFIP International conference on dependable systems and, networks, pp 554\u2013564","DOI":"10.1109\/DSN.2007.85"},{"key":"62_CR26","doi-asserted-by":"crossref","unstructured":"Siblini R, Mansour N (2005) Testing Web services. In: The 3rd ACS\/IEEE international conference on computer systems and applications, p 135","DOI":"10.1109\/AICCSA.2005.1387124"},{"key":"62_CR27","unstructured":"Xu W et al. (2005) Testing Web services by XML perturbation. In: 16th IEEE international symposium on software reliability engineering"},{"key":"62_CR28","doi-asserted-by":"crossref","unstructured":"Fu C, Ryder BG, Milanova A, Wonnacott D (2004) Testing of java web services for robustness. In: Proceedings of the 2004 ACM SIGSOFT international symposium on software testing and, analysis. 2334","DOI":"10.1145\/1007512.1007516"},{"key":"62_CR29","doi-asserted-by":"crossref","first-page":"227239","DOI":"10.1007\/s10796-008-9086-3","volume":"11","author":"MG Fugini","year":"2009","unstructured":"Fugini MG, Pernici B, Ramoni F (2009) Quality analysis of composed services through fault injection. Inf Syst Front 11:227239","journal-title":"Inf Syst Front"},{"key":"62_CR30","unstructured":"Seung HK, Hyeon SK (2009) Robustness testing framework for Web services composition. In: Services computing conference, 2009. APSCC 2009. IEEE Asia-Pacific, pp 319\u2013324"},{"key":"62_CR31","doi-asserted-by":"crossref","unstructured":"Laranjeiro N, Canelas S, Vieira M, (2008) wsrbench: an on-line tool for robustness benchmarking. In: 2008 IEEE international conference on services computing, SCC 2008. Honolulu, Hawaii, USA","DOI":"10.1109\/SCC.2008.123"},{"key":"62_CR32","unstructured":"W3C, W3C XML Schema (2008). http:\/\/www.w3.org\/XML\/Schema"},{"key":"62_CR33","unstructured":"Eviware, soapUI (2007). http:\/\/www.soapui.org\/"},{"key":"62_CR34","volume-title":"Denver","author":"Bartolini C, Bertolino A, Marchetti E, Polini A (2009) WS-TAXI: A WSDL-based testing tool for Web services. In: International conference on software testing verification and validation, ICST","year":"2009","unstructured":"Bartolini C, Bertolino A, Marchetti E, Polini A (2009) WS-TAXI: A WSDL-based testing tool for Web services. In: International conference on software testing verification and validation, ICST (2009) Denver. CL, USA"},{"key":"62_CR35","doi-asserted-by":"crossref","unstructured":"Santiago V, Amaral A, Vijaykumar NL, Mattiello-Francisco M, Martins E, Lopes O (2006) A practical approach for automated test case generation using statecharts. COMPSAC 2006","DOI":"10.1109\/COMPSAC.2006.100"},{"key":"62_CR36","doi-asserted-by":"crossref","unstructured":"de Barros M, Shiau J, Gidewall K, Shang C, Forsmann J, Shi H (2007) Web services wind tunnel: on performance testing large-scale stateful Web services. In: IEEE\/IFIP international conference on dependable systems and networks, DSN 2007. Edinburgh, UK","DOI":"10.1109\/DSN.2007.102"},{"key":"62_CR37","volume-title":"IEEE Computer Society","author":"Laranjeiro N, Oliveira R, Vieira M (2010) Applying text classification algorithms in Web services robustness testing. In: 29th IEEE international symposium on reliable distributed systems (SRDS","year":"2010","unstructured":"Laranjeiro N, Oliveira R, Vieira M (2010) Applying text classification algorithms in Web services robustness testing. In: 29th IEEE international symposium on reliable distributed systems (SRDS (2010) IEEE Computer Society. New Delhi, India"},{"key":"62_CR38","unstructured":"Stock A, Williams J, Wichers D (2007) OWASP top 10, OWASP Foundation"},{"key":"62_CR39","first-page":"0470170778","volume":"10","author":"D Stuttard","year":"2007","unstructured":"Stuttard D, Pinto M (2007) The Web application Hacker\u2019s hand-book: discovering and exploiting security Flaws, Wiley. New York. ISBN- 10:0470170778","journal-title":"New York. ISBN-"},{"key":"62_CR40","unstructured":"Web Application Security Consortium, Classes of Attack (2008). http:\/\/www.webappsec.org\/projects\/threat\/classes_of_attack.shtml"},{"key":"62_CR41","doi-asserted-by":"crossref","unstructured":"Antunes N, Vieira M, Madeira H (2009) Using Web security scanners to detect vulnerabilities in Web services. In: IEEE\/IFIP international conference on dependable systems and networks, DSN 2009, Lisbon, Portugal","DOI":"10.1109\/DSN.2009.5270294"},{"key":"62_CR42","doi-asserted-by":"crossref","unstructured":"Laranjeiro N, Vieira M, Madeira H (2010) Web services robustness testing results summary. http:\/\/eden.dei.uc.pt\/~cnl\/papers\/2010-tsc-robustness.zip","DOI":"10.1109\/ICWS.2009.27"},{"key":"62_CR43","unstructured":"Planet Source Code (2010). http:\/\/www.planet-source-code.com\/"},{"key":"62_CR44","unstructured":"Transaction Processing Performance Council, TPC BenchmarkTM App (Application Server) Standard Specification, Version 1.1 (2005). http:\/\/www.tpc.org\/tpc_app\/"},{"key":"62_CR45","first-page":"23","volume-title":"Software fault tolerance, Chap 2","author":"A Avizienis","year":"1995","unstructured":"Avizienis A (1995) The methodology of N-version programming. In: Lyu MR (ed) Software fault tolerance, Chap 2. Wiley, New York, pp 23\u201346"},{"key":"62_CR46","unstructured":"JBoss, JBoss Application Server Documentation Library. http:\/\/labs.jboss.com\/portal\/jbossas\/docs. Accessed 12 June 2012"},{"key":"62_CR47","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/505282.505283","volume":"34","author":"F Sebastiani","year":"2002","unstructured":"Sebastiani F (2002) Machine learning in automated text categorization. ACM Comput Surv 34:1\u201347","journal-title":"ACM Comput Surv"},{"key":"62_CR48","unstructured":"Apache Software Foundation, Maven (2010). http:\/\/maven.apache.org"},{"key":"62_CR49","unstructured":"Apache Software Foundation, Jakarta Commons Validator. http:\/\/jakarta.apache.org\/commons\/validator\/. Accessed 12 June 2012"}],"container-title":["Journal of Internet Services and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13174-012-0062-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13174-012-0062-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/www.springerlink.com\/index\/pdf\/10.1007\/s13174-012-0062-2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13174-012-0062-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T22:14:46Z","timestamp":1644444886000},"score":1,"resource":{"primary":{"URL":"https:\/\/jisajournal.springeropen.com\/articles\/10.1007\/s13174-012-0062-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,7,14]]},"references-count":49,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2012,9]]}},"alternative-id":["62"],"URL":"https:\/\/doi.org\/10.1007\/s13174-012-0062-2","relation":{},"ISSN":["1867-4828","1869-0238"],"issn-type":[{"value":"1867-4828","type":"print"},{"value":"1869-0238","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,7,14]]},"assertion":[{"value":"23 March 2011","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 May 2012","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 July 2012","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}