Title of invention |
Testing web services that are accessible via service oriented architecture (SOA) interceptors |
Abstract |
Systems, methods, and computer program products are disclosed for testing web service-related elements, where the instructions of a web service-related element are statically analyzed to identify a characteristic of an output of the web service-related element, and where it is determined from a received response to a web service request that the web service request was processed by the web service-related element if at least a portion of the response matches the characteristic of the output of the web service-related element. |
Publication number |
US8949991(B2) |
Publication date |
2015.02.03 |
Application number |
US201113016813 |
Application date |
2011.01.28 |
Applicant |
International Business Machines Corporation |
Inventors |
Beskrovny Evgeny;Tripp Omer |
Classification numbers |
G06F11/00;G06F21/00 |
Main classification number |
G06F11/00 |
Agency |
Konrad, Raynes, Davda and Victor LLP |
Agent |
Davda Janaki K.;Konrad, Raynes, Davda and Victor LLP |
Principal claim |
1. A method for testing web service-related elements, the method comprising:
statically analyzing instructions of a plurality of web service-related elements, including a target web service-related element to identify a characteristic of an output of each web service-related element, wherein the target web service-related element is a web service exposed application programming interface (API);
determining that at least two of the plurality of web service-related elements have a same output;
in response to determining that at least two of the plurality of web service-related elements have the same output, determining an input condition for each of the at least two of the plurality of web service-related elements that results in the same output;
synthesizing an attack on the target web service-related element using the characteristic of the same output of the target web service-related element and the input condition that results in the same output;
presenting the attack in the form of a web service request to attempt to reach the target web service-related element through a plurality of other web-service related elements layered with respect to each other;
receiving a response to the web service request sent to the target web service-related element through one or more of the other web-service related elements; and
in response to determining that at least a portion of the response matches the characteristic of the output of the target web service-related element, determining that the web service request was processed by the target web service-related element. |
Address |
Armonk NY US |