Welcome to the InfoSci Platform
Detecting Vulnerabilities in Web Services: Can Developers Rely on Existing Tools?

Detecting Vulnerabilities in Web Services: Can Developers Rely on Existing Tools?

Nuno Antunes, Marco Vieira
Copyright: © 2012 |Pages: 25
ISBN13: 9781609607944|ISBN10: 1609607945|EISBN13: 9781609607951
DOI: 10.4018/978-1-60960-794-4.ch018
Cite Chapter Cite Chapter

MLA

Antunes, Nuno, and Marco Vieira. "Detecting Vulnerabilities in Web Services: Can Developers Rely on Existing Tools?." Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions, edited by Valeria Cardellini, et al., IGI Global, 2012, pp. 402-426. https://doi.org/10.4018/978-1-60960-794-4.ch018

APA

Antunes, N. & Vieira, M. (2012). Detecting Vulnerabilities in Web Services: Can Developers Rely on Existing Tools?. In V. Cardellini, E. Casalicchio, K. Castelo Branco, J. Estrella, & F. Monaco (Eds.), Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions (pp. 402-426). IGI Global. https://doi.org/10.4018/978-1-60960-794-4.ch018

Chicago

Antunes, Nuno, and Marco Vieira. "Detecting Vulnerabilities in Web Services: Can Developers Rely on Existing Tools?." In Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions, edited by Valeria Cardellini, et al., 402-426. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-60960-794-4.ch018

Export Reference

Mendeley
Favorite

Abstract

Although web services are becoming business-critical components, they are often deployed with software bugs that can be maliciously exploited. Numerous developers are not specialized on security and the common time-to-market constraints limit an in-depth testing for vulnerabilities. In this context, vulnerability detection tools have a very important role helping the developers to produce less vulnerable code. However, developers usually select a tool to use and rely on its results without knowing its real effectiveness. This chapter presents two case studies on the effectiveness of several well-known vulnerability detection tools and discusses their strengths and limitations. Based on lessons learned, the chapter also proposes a benchmarking technique that can be used to select the tool that best fits a specific scenario. The main goal is to provide web service developers with information on how much they can rely on widely used vulnerability detection tools and on how to select the most adequate tool.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.