C OV ER F E AT U RE

Penetration
Testing for
Web Services
Nuno Antunes and Marco Vieira, University
of Coimbra, Portugal

Web services are often deployed with criti-
cal software security faults that open them
to malicious attack. Penetration testing us-
ing commercially available automated tools
can help avoid such faults, but new analy-
sis of several popular testing tools reveals
significant failings in their performance.
and implementation stages to avoid potential vulnerabil-
ities, and including environment runtime mechanisms
to detect and remove potential vulnerabilities and coun-
ter possible attacks during deployment and testing.4 As a
response, various methods for identifying security vul-
nerabilities have evolved,5 including static and dynamic
analysis, runtime anomaly detection, and penetration
testing. The latter, which simulates multiple attempted in-
cursions of malicious values from an attacker’s perspective
using a black-box approach to reveal specific vulnerabili-

W
eb services commonly provide the strate-
gic vehicle for content distribution, data
exchange, and other critical processes
within widely adopted service-oriented
architectures (SOAs).1 As with other Web applications,
Web services’ exposure, in conjunction with improper
software coding, can make it relatively easy for hackers to
uncover and exploit any security vulnerabilities—often by
entering into input fields values that have been specially
tampered with to search for vulnerabilities, a particularly
vicious hacking technique known as command injection
(which includes SQL injection). Such attacks introduce and
execute commands that allow hackers to read, modify,
and even destroy important information and resources,
sometimes corrupting entire databases, thus opening
application providers to considerable danger.2,3
Application vulnerability and security issues must be
kept in mind over the entire software development life
cycle—for example, applying best practices during design
ties, is particularly useful for third-party testing in a Web
services environment because it doesn’t require that clients
and providers have access to source code, as static analysis
and runtime anomaly detection do.
Penetration testing may be undertaken manually;
however, using automated tools for this process can save
considerable time and money, and a number of such tools
are now commercially available. The question, though, is
the extent to which these tools, many regarded as state
of the art, are truly effective, both in terms of identifying
a full range of potential vulnerabilities and of avoiding
false-positive alarms. Our analysis of several widely used
automated penetration testing tools, which we describe
here, suggests that their performance is far from impres-
sive for Web services security testing. Researchers and
practitioners need to be aware of these limitations in order
to lead the way for devising new tools and techniques to
improve the effectiveness of vulnerability detection meth-
odologies and so insure better Web services security in
the future.

30 COMPUTER Published by the IEEE Computer Society 0018-9162/14/$31.00 © 2014 IEEE

r2ant.indd 30 1/22/14 5:52 PM

 WEB SERVICES SECURITY
Web services, including both SOAP and RESTful ser-
vices,6 are currently the most popular applications for
implementing SOAs. A Web service delivers a particular
business functionality in a protocol-independent dis-
tributed environment through a standardized interface;
the fact that it should be reusable allows its consump-
tion for multiple business processes. SOAP Web services
are session-­less and rely on XML for message formatting,
using a Web Services Descriptive Language (WSDL) file
to describe the interface as well as the format of the ex-
changed messages. RESTful Web services reuse the HTTP
operations together with a simplified message format and
employ a Web Application Descriptive Language (WADL)
file for interface description.
Techniques for detecting software vulnerabilities in
Web applications are generally classified as white box or
black box; alternative techniques combining characteris-
tics of both are called gray box. While most such detection
approaches can be applied to Web services as well, it is
important to keep in mind several characteristics that dis-
tinguish Web services from other Web applications. First,
Web services always have a well-defined interface, which
eliminates the crawling phase sometimes required to de-
termine an interface for a Web application; this is a plus in
terms of efficiency, but for purposes of vulnerability testing
and detection, it serves to mask information about inter-
nal application problems extracted by testing tools based
on service responses during crawling. Second, consum-
ers and users evaluating a third-party service to choose
among multiple alternatives are generally not owners and
so cannot access Web service internals, a requirement for
using some common vulnerability detection techniques.
Third, while the interoperability and reduced dependency
among services facilitate their replacement or modification
without requiring changes in other parts of the system,
this interoperability also reduces the time available for
vulnerability detection in order to not delay deployment
and requires taking into account the effect of potential in-
teractions among services.
White-box testing analyzes software internally for vul-
nerabilities and can include code inspection, reviews,
walkthroughs, and the like. A security inspection, during
which a programmer delivers code to peers who meet
formally and examine it systematically for security vul-
nerabilities, offers the most thorough assurance that a
piece of software has minimal vulnerabilities, but it is also
time consuming and often expensive. Less expensive are
code reviews (almost as thorough as code inspections but
not requiring formal meetings) and code walkthroughs
(a more informal and less thorough process of analyzing
code manually by following code paths based on pre-
defined input conditions).7 Automated white-box testing
tools, such as static analyzers that vet software code to
r2ant.indd 31
identify implementation-level faults, can reduce the time
and costs associated with manual code inspection. How-
ever, exhaustive source code analysis may be difficult;
moreover, automated white-box testing often fails to iden-
tify many security flaws due to code complexity and the
absence of runtime (dynamic) view.
Black-box testing, a widely used technique for analyz-
ing programs at runtime from an external point of view,
consists of using inputs to execute the software and com-
paring the execution outcome with the expected result; it
can range from unit testing to integration and system test-
ing. Under best practices, test specifications should define
Because the number of such tests can
reach hundreds or even thousands for
each vulnerability type, performing
penetration testing manually is repetitive
and quite expensive.
the coverage criteria and be elaborated before develop-
ment; designing tests based on specifications in advance
of writing code can avoid any bias that may develop after
the code is written.
Gray-box testing most often takes the form of dynamic
program analysis, which consists of analyzing software
behavior in the process of executing it—that is, attempt-
ing to identify faults and potential vulnerabilities through
examination of the internal code (similar to static analysis)
as it functions in the presence of realistic inputs (runtime
analysis). Obviously, the program must be executed with
sufficient test inputs; code coverage analyzers help guar-
antee adequate coverage of the source code.
For Web applications, the black-box method of pen-
etration testing is commonly used as a means to identify
potential security vulnerabilities, analyzing program ex-
ecution in the presence of malicious inputs. Penetration
testing requires no knowledge of specific implementa-
tion details; fuzzing techniques provide data input from
a malicious user’s point of view.5 Because the number of
such tests can reach hundreds or even thousands for each
vulnerability type, performing penetration testing manu-
ally is not only repetitive and tedious but can also be quite
expensive. Consequently, more cost-efficient automated
penetration testing tools have been developed (although
even with these, it isn’t feasible to test all potential input
streams; test cases must be designed to provide a broadly
representative testing environment once software speci-
fications are complete).
Web security scanners, sometimes called Web vulner-
ability scanners, are the automated tool of choice for Web
application penetration testing, but only some of these
scanners support testing Web services. Among these,
FEBRUARY 2014 31
1/22/14 5:52 PM
 C OV ER F E AT U RE
Table 1. Overall number of vulnerabilities detected by an expert security team and four representative scanning tools.
Vulnerability detection method SQL injection
Expert team
VS1
VS2
VS3
VS4
the few that are free, such as WSFuzzer and WSDigger,
simply automate the attacking process and log pertinent
responses, requiring security expertise on the user’s part
as well as a great deal of time in order to examine all the
results and manually identify vulnerabilities in the Web
service being tested; we have not considered these for the
purposes of this study. The three leading commercial Web
security scanners that support Web services testing are HP
WebInspect, IBM Rational AppScan, and Acunetix Web Vul-
nerability Scanner, all of which claim to scan for, identify,
and assess Web application hacking vulnerabilities.
The problem is that, in practice, for purposes of vulner-
ability identification, penetration testing tools must rely
on analysis of the Web application output; lack of access
to the application’s internal behavior limits their effec-
tiveness, as previous work evaluating penetration testing
tools has confirmed. In one study, Web security scanners
performed poorly when they analyzed complex websites
that had large amounts of client-side navigation code and
form-based wizards.8 A later study evaluated 11 security
scanners and reached similar conclusions, finding that
none of the scanners was able to detect application-­specific
vulnerabilities.9 It is important to point out, however, that
these studies were performed in the context of Web ap-
plications, which, as noted earlier, have characteristics
different from those of Web services. This highlights the
need for studies aimed at understanding the effectiveness
of these tools in Web service-based environments.
EXPERIMENTAL STUDY: EFFECTIVENESS
OF PENETRATION TESTING
To better understand the effectiveness of penetration
testing in a Web services environment, we conducted an
experimental study using four Web security scanners to
detect vulnerabilities in a defined set of services. Three
of the scanners we used—HP WebInspect, IBM Rational
AppScan, and Acunetix Web Vulnerability Scanner—are
widely available and considered to provide state-of-the-
art support for Web services. The fourth scanning tool we
used for our study is an academic prototype that imple-
ments an approach we have proposed elsewhere.10 For
purposes of this discussion, the specific brands have been
masked to assure neutrality and conform with licensing
32 COMPUTER
r2ant.indd 32
XPath injection
201 4
62 2
42 0
6 0
47 1
constraints, so we refer to the four tools as VS1, VS2, VS3,
and VS4, with no particular assigned order. After some ini-
tial configurations, each of these automated tools is able
to read the description file of a Web service, test it for vul-
nerabilities, and at the end of the testing process generate
a file reporting the vulnerabilities found (if any).
Services used
For this study, we tested a set of 25 Web services with a
total of 101 operations. The greater part of these services
(20) was adapted from the implementations of three stan-
dard benchmarks developed by the Transaction Processing
Performance Council (www.tpc.org), namely, TPC-App,
TPC-C, and TPC-W. These performance benchmarks cover
Web services infrastructures, transactional systems, and
e-commerce. (Although TPC-C and TCP-W do not define
transactions in the form of Web services, they can easily
be implemented and deployed as such.) The other five ser-
vices have been adapted from code publicly available on
the Internet (www.planet-source-code.com). All of the ser-
vices are implemented in Java and use a relational database
to store data and SQL commands for data management—
except one, which uses an XML data source. These services
comprise more than 15 KLOC (thousands of lines of code),
with an average cyclomatic complexity of 9, and were de-
veloped by independent programmers with no knowledge
of our particular security study.
Performing a complete evaluation such as we proposed
required knowing in advance the existing vulnerabilities
in each of the services tested. For this purpose, we enlisted
a security team comprised of four people with different
backgrounds and experience in secure development prac-
tices. This team reviewed the services’ source code looking
for vulnerabilities, while crosschecking to eliminate false
positives. Their analysis determined that the 24 services
(98 operations) using a relational database contain 201
SQL injection vulnerabilities, while the other service (three
operations) has four XPath injection vulnerabilities. (These
results suggest that the service developers did not pay much
attention to security.)
This information provided the basis for a deep analysis
of the effectiveness of the scanners. First, we performed a
false-positives analysis to determine which vulnerabilities
1/22/14 5:52 PM
 detected and reported by the
scanning tools do not, in fact, 250
exist. We then conducted a de-
tection coverage analysis to 200
determine which of the vulner- False positives
True positives
abilities we knew to exist in the 150
services were, in fact, detected
by the tested tools. Although 205
100 66
our study was limited to two (50.77%)
61
types of vulnerabilities, we con- (59.22%) 29
sider the data used sufficient for 50 (37.66%)
64
showing the potential effective- 42 48
6
ness of the four scanning tools, 0
as we will discuss. Experts VS1 VS2 VS3 VS4

Overall results Figure 1. Number of false-positive vulnerabilities reported by Web security scanning
Table 1 presents the overall re- tools compared with vulnerabilities reported by a team of security experts.
sults of our study, showing the
total number of vulnerabilities reported by each tool. As The percentage of reported false positives is very high
can be observed, each of the different penetration testing for scanners VS1 and VS2 and certainly in the high range
tools reported a different number of vulnerabilities. This for VS4: in the case of VS1 and VS2, more than half of the
is a first indicator that tools implement different forms of reported vulnerabilities do not exist, and in the case of
penetration testing and that the outputs from different tools VS4, false positives account for more than one-third of
may be difficult to compare. Another observation worth the vulnerabilities reported. This level of false positives
noting is that all four tools detected SQL injection vulnera- suggests that in many instances, software developers
bilities, but only two (VS1 and VS4) reported XPath injection may waste considerable effort “fixing” nonexistent
issues. Although the actual number of XPath-related vulner- vulnerabilities, reducing overall confidence in the
abilities is quite small in comparison to SQL injection, this tools. The number of false positives is due to the use of
discrepancy is equally true in real-world scenarios because heuristics to detect vulnerabilities by evaluating Web
Web services more often use a traditional database instead services responses; these heuristics, while facilitating
of XML solutions for storing information (as is the case in detection of vulnerabilities otherwise undetectable, also
other Web applications). This fact may also explain why cause the scanners to report a large number nonexistent
some scanning tools apparently do not include features to vulnerabilities. It is interesting to note, by the way, that the
detect XPath vulnerabilities. three XPath injection vulnerabilities reported by VS1 (two)
A key aspect of our analysis not reported in the table, and VS4 (one) all correspond to true positives.
but still worth mentioning: different tools reported VS3, on the other hand, reported no false-positive
different vulnerabilities even in the same Web services. alarms. Obviously, one factor contributing to this low
For example, although the number of SQL injection number of false positives is the relatively small number
vulnerabilities reported by VS1 is much higher than the of vulnerabilities reported by VS3 overall. This scanner
number of vulnerabilities detected by the other scanners, would seem to employ a very conservative detection ap-
the other three actually detected some vulnerabilities not proach that, although avoiding reports of false positives,
reported by VS1. We will return to this point later. also leaves many vulnerabilities undetected.

False-positives analysis Coverage analysis

False positives (that is, occurrences when the tools de-
tected and reported vulnerabilities that in reality do not
exist) were another focus of our study. For the purposes
of this evaluation, we considered the set of vulnerabilities
reported by the security inspection team we enlisted as
representing the complete set of vulnerabilities for each of
the Web services tested. Thus, we consider a vulnerability
reported by a tool as a false positive if the team of security
experts did not report it and a true positive if it matched
one reported by the team. Figure 1 shows the results.
Another key factor in considering the effectiveness of se-
curity scanners is their detection coverage rate—that is,
the number of vulnerabilities detected compared with the
total number of actual vulnerabilities. After discarding
false positives, we calculated each scanning tool’s detec-
tion coverage rate, assuming the vulnerabilities reported
by the expert security team as the total number of vulner-
abilities. Table 2 presents these results.
In all cases, the coverage rates were quite low. In
fact, none of the four scanners was able to detect even

FEBRUARY 2014 33

r2ant.indd 33 1/22/14 5:52 PM

 C OV ER F E AT U RE
Table 2. Detection coverage rates for penetration testing
by four representative security scanners.
Scanner Coverage rate (%)
VS1 31.22
VS2 20.49
VS3 2.93
VS4 23.41
one- third of the total number of vulnerabilities. VS1
clearly provided the best coverage, but even so detected
only about 31 percent of the known vulnerabilities. VS2
and VS4 each detected fewer than a quarter of the vulner-
abilities, with VS4 offering a slight edge—a difference that
is actually significant considering that VS4 also reported
many fewer false positives. VS3 provided an extremely
low coverage rate; its conservative detection approach
(which, as we have noted, avoids false positives) left 97
percent of the known vulnerabilities undetected. It is
worth pointing out that although VS1 had the highest
detection coverage, it is also the scanner reporting the
most false positives.
Understanding the relationship among the actual vul-
nerabilities reported by each scanner requires a different
type of analysis. Figure 2 shows the overlap among the sets
of vulnerabilities reported by each scanning tool (after re-
moving false positives), with the area of its respective circle
roughly proportional to the number of vulnerabilities de-
tected by each tool.
Clearly, there were differences among the four tools
in terms of the actual vulnerabilities reported, which
highlights the difficulty involved in selecting and using
a single tool for penetration testing. As Figure 2 shows,
for example, 17 of the vulnerabilities were detected only
by VS1, and only five of the vulnerabilities were detected
by all four scanners—although this low total in terms
of overall detection coverage is obviously affected by
the low coverage of VS3. VS4 was able to detect all the
vulnerabilities detected by VS2 and VS3 plus six more.
And VS1, while detecting the most vulnerabilities overall,
failed to detect one vulnerability that all the other tools
detected—particularly interesting given the very low
number of vulnerabilities detected by VS3. (As far as we
were able to determine, this specific vulnerability is lo-
cated in a difficult-to-reach code path that the requests
performed by VS1 were unable to exercise.)
Equally interesting, 140 vulnerabilities were undetected
by any of the four tools, emphasizing even more strongly
the difficulty of selecting one tool to use. Manual analysis
of the services reveals that many of those undetected vul-
nerabilities are located in places of the code hard to reach
via black-box testing, and the workloads generated by the
34 COMPUTER
r2ant.indd 34
tools are not yet complete enough to execute those code
paths. There are also situations where an undetected vul-
nerability is preceded by another very similar one, such
that the second can only be detected after the first has
been fixed (that is, because the first is exploited, execution
never reaches the second).
LESSONS LEARNED
Penetration testing is fundamental for deploying secure
code, particularly for consumers testing in Web services
environments where internals are inaccessible. But, as pre-
vious research and our own study have shown, currently
available commercial Web security scanning tools are not
entirely satisfactory for purposes of penetration testing of
Web applications and Web services.
Essentially, users of automated penetration testing face
two problems. First, the very high number of false positives
reported by available penetration testing tools reduces
developer confidence regarding their precision and also
lowers the productivity of development teams who must
analyze vulnerabilities that in fact do not exist. Second, the
relatively limited vulnerability detection coverage provided
by available tools inevitably means that significant num-
bers of vulnerabilities remain undetected, a major concern
for applications with the level of exposure to external en-
vironmental factors that Web services have.
These problems result from the intrinsic limitations
of penetration testing as a black-box technique: it has
no access to the internal behavior of the tested services
and can observe an application only from the point of
view of an external user. These limitations have two
primary ramifications:
•• The fact that vulnerability detection is based solely
on analysis of a Web service’s output leads to a lack
of information for decision making. Tool capability is
restricted because the amount of information released
to the client is insufficient to detect vulnerabilities ef-
fectively. Moreover, the fact that application output is
often processed to limit (or prohibit) leakage of any
system information can make detecting vulnerabili-
ties impossible (even though vulnerabilities exist and
testing tools may effectively exploit them).
•• The fact that the tool cannot identify all appropriate
inputs necessary to maximize the number of Web
service code paths that are tested results in inad-
equate code coverage. Obviously, if some paths of
code are not executed during the testing process, any
vulnerabilities that occur in these pieces of code will
not be detected.
Clearly, innovative approaches are necessary to over-
come the present limitations of penetration testing. These
must be designed both to improve the quality of the tests
1/22/14 5:52 PM
 performed and to take maximum ad-
vantage of all the interactions with the
application available to users. At the
same time, any new approach needs to
maintain current penetration testing ad-
vantages, such as time efficiency and
cost-effectiveness.
Improving testing quality will require
input values representative of accurate
and extensive real-world service uti-
lization in order to achieve high code
execution coverage. For Web services,
the interface description should provide
an accurate definition of each input’s
domains. While existing XML schemas
(XSD) associated with Web services now
allow this definition, most of the ser-
vices deployed do not, in fact, provide Figure 2. Overlap among the sets of vulnerabilities detected by each scanner.
such information—that task falls on the The areas of the circles are proportional to the number of vulnerabilities
development team. Further, in many sit- detected.
uations, dependencies exist among the
domains of different inputs that cannot
be described using only XSD. To address this problem,
Nuno Laranjeiro and his colleagues recently proposed
an extended domain expression language (EDEL) for
Web services that allows the specification of such re-
lations,11 but as yet no existing tool takes advantage of
such information.
Maximizing the effectiveness of vulnerability detection
based on a Web service’s outputs will require correlating
the results of multiple requests. Such correlation makes
possible the discovery of vulnerabilities left undetected
by analysis of only a single request/response. This corre-
lation may also allow confirmation of vulnerabilities, thus
avoiding false-positive alarms. Commercial tools such as
Acunetix WVS and research tools such as the one we have
proposed10 already incorporate techniques for this pur-
pose, achieving some promising results; however, as our
tests show, they are still far from satisfactory.
Another improvement that can boost future pen-
etration testing effectiveness is relaxation of black-box
constraints to increase internal visibility within the tested
Web s­ ervice—but without requiring access to the source
code. Such visibility can be achieved via two different tech-
niques, one having a greater degree of intrusiveness than
the other. The more intrusive would involve injecting the
tested Web service with specially localized probes provid-
ing sensitive information about its internal behavior during
the penetration testing process; using the less intrusive
method, developers could monitor all interfaces between
a Web service and appropriate external resources, looking
for information that might help to unveil vulnerabilities.
The assumption underlying this second method is that
the most crucial vulnerabilities manifest in the interfaces
r2ant.indd 35
VS1
17 VS4
140
6
36
VS2
VS3
5
1
between the attacked Web service and components of
other systems—the database, OS, gateways, and so forth;
for example, an SQL injection might be detected in the in-
terface with the outside database.
Information provided by increased visibility could then
be analyzed using techniques such as anomaly detection
or attack signatures monitoring. Anomaly detection con-
sists of searching for deviations from a normal, historical
profile: in an initial learning phase, a set of normal re-
quests (workload) is submitted to a service to determine
its regular behavior; then, in a subsequent attack phase, a
set of malicious requests (attackload) is submitted to find
deviations that unveil any vulnerabilities. Attack signatures
monitoring consists of introducing special tokens into the
attacks and then observing the presence of those tokens
in specific locations—the assumption being that, when an
attack succeeds, the token will be observable somewhere
in the monitored parts of the service.
D
espite current limitations, penetration testing will
continue to play an important role in evaluating
Web services security. It is, therefore, important
to keep improving these tools, using better workload
and attackload generation techniques, and devising new
mechanisms to detect vulnerabilities. Equally important
is the ability to correlate information provided by differ-
ent types of requests (regular requests, robustness-testing
requests, malicious requests, and others). Furthermore,
penetration testing tools should be based on standardized
and consistent procedures, implementing a well-defined
set of testing components to provide integrated support
FEBRUARY 2014 35
1/22/14 5:52 PM
 C OV ER F E AT U RE
for detecting a maximum number of vulnerabilities and
a minimal number of false positives. A generic penetra-
tion testing tool for Web services that combines all these
attributes is a goal for the future.
Finally, security concerns should be a paramount con-
sideration throughout the entire software development
process, not just during the testing phase. Applying multi-
ple security best practices at every step to reduce potential
security problems will require that developers correctly
use approaches and tools already at their disposal, as well
as improvements in current techniques and innovative new
methods for security assessment.
References
1. D.A. Chappell and T. Jewell, Java Web Services, O’Reilly
Media, 2002.
2. M. Vieira, N. Antunes, and H. Madeira, “Using Web
Security Scanners to Detect Vulnerabilities in Web
Services,” Proc. 2009 IEEE/IFIP Int’l Conf. Dependable
Systems & Networks (DSN 09), IEEE, 2009, pp. 566–571.
Showcase Your
Multimedia Content
on Computing Now!
IEEE Computer Graphics and Applications
seeks computer graphics-related
multimedia content (videos, animations,
simulations, podcasts, and so on) to
feature on its Computing Now page,
www.computer.org/portal/web/
computingnow/cga.
If you’re interested, contact us at
[email protected]. All content will be
reviewed for relevance and quality.
36 COMPUTER
r2ant.indd 36
3. Open Web Application Security Project, OWASP Top
10—2013, OWASP Foundation, 2013.
4. M. Howard and D.E. Leblanc, Writing Secure Code, 2nd
ed., Microsoft Press, 2004.
5. D. Stuttard and M. Pinto, The Web Application Hacker’s
Handbook: Finding and Exploiting Security Flaws, 2nd
ed., Wiley, 2011.
6. L. Richardson and S. Ruby, RESTful Web Services: Web
Services for the Real World, O’Reilly Media, 2007.
7. D.P. Freedman and G.M. Weinberg, Handbook of
Walkthroughs, Inspections, and Technical Reviews:
Evaluating Programs, Projects, and Products, 3rd ed.,
Dorset House, 2000.
8. M. Curphey and R. Araujo, “Web Application Security
Assessment Tools,” IEEE Security & Privacy, vol. 4, no.
4, 2006, pp. 32–41.
9. A. Doupé, M. Cova, and G. Vigna, “Why Johnny Can’t
Pentest: An Analysis of Black-Box Web Vulnerability
Scanners,” Proc. 7th Int’l Conf. Detection of Intrusions
and Malware, and Vulnerability Assessment (DIMVA 10),
2010, Springer, pp. 111–131.
10. N. Antunes and M. Vieira, “Detecting SQL Injection
Vulnerabilities in Web Services,” 4th Latin-American
Symp. Dependable Computing (LADC 09), Springer,
2009, pp. 17–24.
11. N. Laranjeiro, M. Vieira, and H. Madeira, “Improving
Web Services Robustness,” Proc. 2009 IEEE Int’l Conf.
Web Services (ICWS 09), 2009, IEEE, pp. 397–404.
Nuno Antunes is a PhD student in the Department of Infor-
matics Engineering at the University of Coimbra, Portugal,
where he received an MSc in informatics engineering. His
research interests include methodologies and tools for de-
veloping secure Web applications and services. Antunes is
a member of the IEEE Computer Society. Contact him at
[email protected].
Marco Vieira is an assistant professor in the Department
of Informatics Engineering at the University of Coimbra,
Portugal. His research interests include dependability and
security benchmarking, experimental dependability eval-
uation, fault injection, software development processes,
and software quality assurance. Vieira received a PhD in
computer engineering from the University of Coimbra. He
is a member of the IEEE Computer Society. Contact him at
[email protected].
Selected CS articles and columns are available
for free at http://ComputingNow.computer.org.
1/22/14 5:52 PM