Title of invention: Testing web services that are accessible via service oriented architecture (SOA) interceptors
Abstract: Systems, methods, and computer program products are disclosed for testing web service-related elements, where the instructions of a web service-related element are statically analyzed to identify a characteristic of an output of the web service-related element, and where it is determined from a received response to a web service request that the web service request was processed by the web service-related element if at least a portion of the response matches the characteristic of the output of the web service-related element.
Publication number: US8949991(B2)  Publication date: 2015.02.03
Application number: US201113016813  Filing date: 2011.01.28
Applicant: International Business Machines Corporation  Inventors: Beskrovny Evgeny;Tripp Omer
Classification: G06F11/00;G06F21/00  Main classification: G06F11/00
Agency: Konrad, Raynes, Davda and Victor LLP  Agent: Davda Janaki K.;Konrad, Raynes, Davda and Victor LLP
Principal claim: 1. A method for testing web service-related elements, the method comprising: statically analyzing instructions of a plurality of web service-related elements, including a target web service-related element to identify a characteristic of an output of each web service-related element, wherein the target web service-related element is a web service exposed application programming interface (API); determining that at least two of the plurality of web service-related elements have a same output; in response to determining that at least two of the plurality of web service-related elements have the same output, determining an input condition for each of the at least two of the plurality of web service-related elements that results in the same output; synthesizing an attack on the target web service-related element using the characteristic of the same output of the target web service-related element and the input condition that results in the same output; presenting the attack in the form of a web service request to attempt to reach the target web service-related element through a plurality of other web-service related elements layered with respect to each other; receiving a response to the web service request sent to the target web service-related element through one or more of the other web-service related elements; and in response to determining that at least a portion of the response matches the characteristic of the output of the target web service-related element, determining that the web service request was processed by the target web service-related element.
Address: Armonk NY US