Title of invention: IDENTIFYING STORED VULNERABILITIES IN A WEB SERVICE
Abstract: A computer identifies each web method, of a web service, declared in a web services description language (WSDL) file. The computer adds a node within a directed graph for each web method identified. The computer identifies pairs of web methods declared in the WSDL file in which a match exists between an output parameter of one of the web methods and an input parameter of another one of the web methods. The computer adds an edge within the directed graph for each of the pairs of web methods identified. The computer generates one or more sequences of web methods based on nodes connected by edges within the directed graph, wherein each of the one or more sequences includes at least one of the pairs of web methods identified. The computer tests each of the one or more sequences of web methods to identify stored vulnerabilities in the web service.
Publication number: US2014283080(A1) Publication date: 2014.09.18
Application number: US201313794882 Filing date: 2013.03.12
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION Inventors: Beskrovny Evgeny;Tripp Omer;Wurth Emmanuel
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Independent claim: 1. A method for identifying stored vulnerabilities in a web service, the method comprising the steps of: identifying each web method, of a web service, declared in a web services description language (WSDL) file; adding a node within a directed graph for each web method identified; identifying pairs of web methods declared in the WSDL file in which a match exists between an output parameter of one of the web methods within one of the pairs identified, and an input parameter of another one of the web methods within the one of the pairs identified; adding an edge within the directed graph for each of the pairs of web methods identified; generating one or more sequences of web methods based on nodes connected by edges within the directed graph, wherein each of the one or more sequences of web methods includes at least one of the pairs of web methods identified; and testing each of the one or more sequences of web methods to identify stored vulnerabilities in the web service.
Address: Armonk NY US
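
The graph-building and sequence-generation steps of the abstract and claim 1, sketched as an added example that is not code from the patent or its applicant. It assumes WSDL 1.1 with rpc-style message parts, treats a "match" as an identical part name and type, and caps sequence length with a hypothetical max_len parameter; the function names and the sample WSDL are constructed, and the final testing step is not implemented.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://schemas.xmlsoap.org/wsdl/"}
# Constructed WSDL 1.1 sample (not from the patent); parse untrusted WSDL with a hardened parser.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:example">
  <message name="AddCommentIn"><part name="text" type="xsd:string"/></message><message name="AddCommentOut"><part name="commentId" type="xsd:int"/></message>
  <message name="GetCommentIn"><part name="commentId" type="xsd:int"/></message><message name="GetCommentOut"><part name="text" type="xsd:string"/></message>
  <message name="PingIn"/><message name="PingOut"><part name="ok" type="xsd:boolean"/></message>
  <portType name="Comments">
    <operation name="addComment"><input message="tns:AddCommentIn"/><output message="tns:AddCommentOut"/></operation>
    <operation name="getComment"><input message="tns:GetCommentIn"/><output message="tns:GetCommentOut"/></operation>
    <operation name="ping"><input message="tns:PingIn"/><output message="tns:PingOut"/></operation>
  </portType>
</definitions>"""

def build_graph(wsdl_text):
    """Node per web method; edge A->B when an output part of A matches an input part of B."""
    root = ET.fromstring(wsdl_text)
    parts = {m.get("name"): {(p.get("name"), p.get("type")) for p in m.findall("w:part", NS)}
             for m in root.findall("w:message", NS)}
    methods = {}
    for op in root.findall("w:portType/w:operation", NS):
        io = []
        for tag in ("input", "output"):
            el = op.find(f"w:{tag}", NS)
            msg = el.get("message").split(":")[-1] if el is not None else None
            io.append(parts.get(msg, set()))
        methods[op.get("name")] = io
    graph = {name: [] for name in methods}
    for a, (_, out_a) in methods.items():
        for b, (in_b, _) in methods.items():
            if a != b and out_a & in_b:  # assumed match rule: same part name and type
                graph[a].append(b)
    return graph

def sequences(graph, max_len=4):
    """Enumerate simple paths of 2..max_len methods; each contains at least one matched pair."""
    found = []
    def walk(path):
        if len(path) >= 2:
            found.append(path)
        if len(path) < max_len:
            for nxt in graph[path[-1]]:
                if nxt not in path:
                    walk(path + [nxt])
    for start in graph:
        walk([start])
    return found
```

On the sample, the store-then-read pair addComment -> getComment is the kind of sequence a stored-vulnerability test would exercise, while ping stays an isolated node and appears in no sequence.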