{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T15:35:01Z","timestamp":1763480101214},"reference-count":50,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2016,6,14]],"date-time":"2016-06-14T00:00:00Z","timestamp":1465862400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2017,8]]},"DOI":"10.1007\/s10207-016-0334-0","type":"journal-article","created":{"date-parts":[[2016,6,14]],"date-time":"2016-06-14T09:29:16Z","timestamp":1465896556000},"page":"435-457","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Designing vulnerability testing tools for web services: approach, components, and tools"],"prefix":"10.1007","volume":"16","author":[{"given":"Nuno","family":"Antunes","sequence":"first","affiliation":[]},{"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,6,14]]},"reference":[{"key":"334_CR1","volume-title":"Web Services: Concepts, Architectures and Applications","author":"G Alonso","year":"2004","unstructured":"Alonso, G.: Web Services: Concepts, Architectures and Applications. Springer Verlag, Berlin (2004)"},{"key":"334_CR2","unstructured":"Christey, S., Martin, R.A.: Vulnerability type distributions in CVE, V1. 0 10, 04 (2006)"},{"key":"334_CR3","unstructured":"Zanero, S., Carettoni, L., Zanchetta, M.: Automatic Detection of Web Application Security Flaws, Black Hat Briefings (2005)"},{"key":"334_CR4","doi-asserted-by":"publisher","unstructured":"Vieira, M., Antunes, N., Madeira, H.: Using Web Security Scanners to Detect Vulnerabilities in Web Services. 
In: IEEE\/IFIP International Conference on Dependable Systems & Networks, DSN\u201909. (Estoril, Lisbon, Portugal, 2009), pp. 566\u2013571 (2009). doi: 10.1109\/DSN.2009.5270294","DOI":"10.1109\/DSN.2009.5270294"},{"key":"334_CR5","unstructured":"Council, T.P.P.: TPC BenchmarkTM App (application server) Standard Specification, Version 1.3. http:\/\/www.tpc.org\/tpc_app\/ (2008)"},{"key":"334_CR6","doi-asserted-by":"crossref","unstructured":"Meier, W.: Web, Web-Services, and Database Systems. In: Chaudhri, A.B., Jeckle, M., Rahm, E., Unland, R. (ed.) No. 2593 in Lecture Notes in Computer Science, pp. 169\u2013183. Springer, Berlin Heidelberg (2003)","DOI":"10.1007\/3-540-36560-5_13"},{"key":"334_CR7","doi-asserted-by":"publisher","unstructured":"Fonseca, J., Vieira, M., Madeira, H.: Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks. In: 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007) (Melbourne, Australia, 2007), pp. 365\u2013372 (2007). doi: 10.1109\/PRDC.2007.55","DOI":"10.1109\/PRDC.2007.55"},{"key":"334_CR8","doi-asserted-by":"publisher","unstructured":"Antunes, N., Vieira, M.: Benchmarking Vulnerability Detection Tools for Web Services. In: IEEE Eighth International Conference on Web Services (ICWS 2010) (Miami, Florida, 2010), pp. 203\u2013210 (2010). doi: 10.1109\/ICWS.2010.76","DOI":"10.1109\/ICWS.2010.76"},{"key":"334_CR9","doi-asserted-by":"publisher","unstructured":"Antunes, N., Vieira, M.: Detecting SQL Injection Vulnerabilities in Web Services. In: Fourth Latin-American Symposium on Dependable Computing 2009 (LADC \u201909), pp. 17\u201324. IEEE Computer Society, Joao Pessoa, Brazil (2009). doi: 10.1109\/LADC.2009.21","DOI":"10.1109\/LADC.2009.21"},{"key":"334_CR10","doi-asserted-by":"publisher","unstructured":"Antunes, N., Vieira, M.: Enhancing Penetration Testing with Attack Signatures and Interface Monitoring for the Detection of Injection Vulnerabilities in Web Services. 
In: 2011 IEEE International Conference on Services Computing (SCC) (IEEE, 2011), pp. 104\u2013111 (2011). doi: 10.1109\/SCC.2011.67","DOI":"10.1109\/SCC.2011.67"},{"key":"334_CR11","doi-asserted-by":"publisher","unstructured":"Antunes, N., Laranjeiro, N., Vieira, M., Madeira, H.: Effective Detection of SQL\/XPath Injection Vulnerabilities in Web Services. In: 2009 IEEE International Conference on Services Computing (SCC 2009) (Bangalore, India, 2009), pp. 260\u2013267 (2009). doi: 10.1109\/SCC.2009.23","DOI":"10.1109\/SCC.2009.23"},{"key":"334_CR12","volume-title":"Java Web Services","author":"DA Chappell","year":"2002","unstructured":"Chappell, D.A., Jewell, T.: Java Web Services. O\u2019Reilly & Associates Inc, Sebastopol (2002)"},{"key":"334_CR13","unstructured":"Christensen, E., Curbera, F., Meredith, G., Weerawarana, S.: Web Service Definition Language (WSDL) 1.1. http:\/\/www.w3.org\/TR\/wsdl (2001)"},{"key":"334_CR14","volume-title":"RESTful Web Services","author":"L Richardson","year":"2007","unstructured":"Richardson, L., Ruby, S.: RESTful Web Services. O\u2019Reilly Media, Inc, Sebastopol (2007)"},{"key":"334_CR15","unstructured":"OWASP Foundation, OWASP top 10 2013. Tech. rep., Open Web Application Security Project (2013)"},{"key":"334_CR16","unstructured":"Foundation, O.: Open Web Application Security Project. http:\/\/www.owasp.org\/ (2001)"},{"key":"334_CR17","unstructured":"Acunetix. 70\u00a0% of Websites at Immediate Risk of Being Hacked! http:\/\/www.acunetix.com\/news\/security-audit-results.htm (2007)"},{"key":"334_CR18","unstructured":"NTA Monitor, Annual Web Application Security Report. Tech. rep. (2011)"},{"key":"334_CR19","volume-title":"The Web Application Hacker\u2019s Handbook: Discovering and Exploiting Security Flaws","author":"D Stuttard","year":"2007","unstructured":"Stuttard, D., Pinto, M.: The Web Application Hacker\u2019s Handbook: Discovering and Exploiting Security Flaws. 
Wiley, Hoboken (2007)"},{"key":"334_CR20","volume-title":"XSS Attacks: Cross Site Scripting Exploits and Defense","author":"S Fogie","year":"2007","unstructured":"Fogie, S., et al.: XSS Attacks: Cross Site Scripting Exploits and Defense. Syngress Publishing, Burlington (2007)"},{"key":"334_CR21","doi-asserted-by":"crossref","unstructured":"Jensen, M., Gruschka, N., Herkenhoner, R., Luttenberger, N.: SOA and Web Services: New Technologies, New Standards\u2014New Attacks. In: Fifth European Conference on Web Services. ECOWS \u201907, pp. 35\u201344 (2007)","DOI":"10.1109\/ECOWS.2007.9"},{"key":"334_CR22","unstructured":"OWASP Testing Project: Testing for web services\u2014OWASP testing guide v3. Tech. rep, Open Web Application Security Project (2008)"},{"key":"334_CR23","doi-asserted-by":"crossref","unstructured":"Bau, J., Bursztein, E., Gupta, D., Mitchell, J.: State of the Art: Automated Black-box Web Application Vulnerability Testing. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 332\u2013345 (2010)","DOI":"10.1109\/SP.2010.27"},{"key":"334_CR24","unstructured":"I.C.S.S.S.E.S. Committee, 1012-2012\u2014IEEE Standard for System and Software Verification and Validation, IEEE standard 1012-2012 edn. (IEEE Computer Society)"},{"key":"334_CR25","volume-title":"The Art of Software Testing","author":"GJ Myers","year":"2011","unstructured":"Myers, G.J., Sandler, C., Badgett, T.: The Art of Software Testing. Wiley, Hoboken (2011)"},{"key":"334_CR26","unstructured":"HP. HP WebInspect. https:\/\/h10078.www1.hp.com\/cda\/hpms\/display\/main\/hpms_content.jsp?zn=bto&cp=1-11-201-200 (2008)"},{"key":"334_CR27","unstructured":"IBM. IBM Rational AppScan. http:\/\/www-01.ibm.com\/software\/awdtools\/appscan\/ (2008)"},{"key":"334_CR28","unstructured":"Acunetix. Acunetix Web Vulnerability Scanner. http:\/\/www.acunetix.com\/vulnerability-scanner\/ (2008)"},{"key":"334_CR29","unstructured":"I. Foundstone. Foundstone WSDigger. 
http:\/\/www.foundstone.com\/us\/resources\/proddesc\/wsdigger.htm (2005)"},{"key":"334_CR30","unstructured":"OWASP Foundation. OWASP WSFuzzer Project. http:\/\/www.owasp.org\/index.php\/Category:OWASP_WSFuzzer_Project (2008)"},{"key":"334_CR31","doi-asserted-by":"crossref","unstructured":"Huang, Y., Huang, S., Lin, T., Tsai, C.: Web Application Security Assessment by Fault Injection and Behavior Monitoring. In: Proceedings of the 12th International Conference on World Wide Web (ACM, Budapest, Hungary, 2003), pp. 148\u2013159 (2003)","DOI":"10.1145\/775152.775174"},{"key":"334_CR32","doi-asserted-by":"publisher","unstructured":"Kals, S., Kirda, E., Kruegel, C., Jovanovic, N.: SecuBat: A Web Vulnerability Scanner. In: Proceedings of the 15th International Conference on World Wide Web (ACM, New York, NY, 2006), pp. 247\u2013256 (2006). doi: 10.1145\/1135777.1135817","DOI":"10.1145\/1135777.1135817"},{"key":"334_CR33","doi-asserted-by":"crossref","unstructured":"Doup\u00e9, A., Cova, M., Vigna, G.: In: Detection of Intrusions and Malware, and Vulnerability Assessment. no. 6201 in Lecture Notes in Computer Science (Springer Berlin Heidelberg, 2010), pp. 111\u2013131 (2010)","DOI":"10.1007\/978-3-642-14215-4_7"},{"key":"334_CR34","unstructured":"Doliner, M.: Cobertura. http:\/\/cobertura.sourceforge.net\/ (2006)"},{"key":"334_CR35","unstructured":"Atlassian. Clover\u2014Code Coverage for Java. http:\/\/www.atlassian.com\/software\/clover\/ (2010)"},{"key":"334_CR36","doi-asserted-by":"publisher","unstructured":"Balzarotti, D., et al.: Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. In: IEEE Symposium on Security and Privacy. SP 2008, 66, pp. 387\u2013401 (2008). 
doi: 10.1109\/SP.2008.22","DOI":"10.1109\/SP.2008.22"},{"key":"334_CR37","doi-asserted-by":"publisher","unstructured":"Su, Z., Wassermann, G.: The Essence of Command Injection Attacks in Web Applications, In: Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL \u201906, 41 (ACM, New York, NY, 2006), POPL \u201906, pp. 372\u2013382 (2006). doi: 10.1145\/1111037.1111070","DOI":"10.1145\/1111037.1111070"},{"key":"334_CR38","doi-asserted-by":"crossref","unstructured":"Halfond, W., Orso, A.: AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks, In: Proceedings of the 20th IEEE\/ACM International Conference on Automated Software Engineering, p. 183 (2005)","DOI":"10.1145\/1101908.1101935"},{"key":"334_CR39","doi-asserted-by":"publisher","unstructured":"Laranjeiro, N., Vieira, M., Madeira, H.: A Technique for Deploying Robust Web Services. IEEE Transactions on Services Computing PP(99), 1 (2012). doi: 10.1109\/TSC.2012.39","DOI":"10.1109\/TSC.2012.39"},{"key":"334_CR40","unstructured":"Kaner, C.: Software Negligence and Testing Coverage. In: Proceedings of STAR 96: The Fifth International Conference on Software Testing Analysis and Review (Orlando, FL, 1996), pp. 299\u2013327 (1996)"},{"key":"334_CR41","doi-asserted-by":"publisher","unstructured":"Kindy, D., Pathan, A.S.: A Survey on SQL Injection: Vulnerabilities, Attacks, and Prevention Techniques. In: 2011 IEEE 15th International Symposium on Consumer Electronics (ISCE), pp. 468\u2013471 (2011). doi: 10.1109\/ISCE.2011.5973873","DOI":"10.1109\/ISCE.2011.5973873"},{"key":"334_CR42","doi-asserted-by":"crossref","unstructured":"Vieira, M., Laranjeiro, N., Madeira, H.: Assessing Robustness of Web-services Infrastructures. In: 37th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, DSN\u201907, pp. 131\u2013136 (2007)","DOI":"10.1109\/DSN.2007.16"},{"key":"334_CR43","unstructured":"eviware. soapUI. 
http:\/\/www.soapui.org\/ (2008)"},{"key":"334_CR44","volume-title":"Seven Deadliest Web Application Attacks","author":"M Shema","year":"2010","unstructured":"Shema, M.: Seven Deadliest Web Application Attacks. Syngress, Burlington (2010)"},{"key":"334_CR45","unstructured":"Halfond, W.G., Viegas, J., Orso, A.: A Classification of SQL-injection Attacks and Countermeasures. In: International Symposium on Secure Software Engineering (2006)"},{"key":"334_CR46","unstructured":"Antunes, N., Vieira, M.: Vulnerability Testing Tools for Web Services. http:\/\/eden.dei.uc.pt\/~mvieira\/ (2013)"},{"key":"334_CR47","doi-asserted-by":"crossref","unstructured":"Sabhnani, M., Serpen, G.: Why Machine Learning Algorithms Fail in Misuse Detection on KDD Intrusion Detection Data Set. Intelligent Data Analysis 8(4), 403\u2013415 (2004)","DOI":"10.3233\/IDA-2004-8406"},{"key":"334_CR48","doi-asserted-by":"crossref","unstructured":"Kiczales, G.J., et al.: Aspect-oriented programming. US Patent 6,467,086 (2002)","DOI":"10.21236\/ADA417906"},{"key":"334_CR49","volume-title":"Database Programming with JDBC and JAVA","author":"G Reese","year":"2000","unstructured":"Reese, G., Oram, A.: Database Programming with JDBC and JAVA. O\u2019Reilly & Associates, Inc., Sebastopol (2000)"},{"key":"334_CR50","unstructured":"Transaction Processing Performance Council. Transaction processing performance council. 
http:\/\/www.tpc.org\/ (2009)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-016-0334-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-016-0334-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-016-0334-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-016-0334-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,18]],"date-time":"2023-08-18T21:56:25Z","timestamp":1692395785000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-016-0334-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,6,14]]},"references-count":50,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,8]]}},"alternative-id":["334"],"URL":"https:\/\/doi.org\/10.1007\/s10207-016-0334-0","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,6,14]]}}}