【摘要】 针对传统的Web服务安全性测试方法存在的低效、缺乏灵活性、不适应复杂安全功能测试及难以实现异常测试等问题,本文提出一种基于WSDL文件动态解析和安全功能分解的Web服务安全性测试方法。该方法采用运行时动态解析WSDL文件的方式解决了传统测试方法与被测Web服务紧耦合的问题,将复杂安全功能分解为7类原子安全处理类型,使其能够有效适应复杂安全功能测试的需要,采用故障注入机制生成错误的SOAP消息使其支持异常测试。实验结果表明,该方法具有灵活性、高效性和先进性。更多还原

【Abstract】 The traditional Web services security testing methods are inefficient,inflexible and do not meet the complex security testing requirements and have difficulty in achieving negative testing. This paper presents a Web services security testing method based on dynamically parsing WSDLs and decomposing security functions. The method solves the problem that traditional testing methods are tightly coupled to the services under testing by dynamically parsing WSDLs. Complex security functions are divided into seven categories of atom security functions so that it can be adapted to complex security testing. It also uses a fault injection mechanism to generate error messages. The experimental results show that the method is flexible,efficient and advanced.更多还原