Penetration testing as a test phase in web service testing a black box pen testing approach

Abstract

The study involves the implementation of the black box penetration testing approach; it deals with the step by step idea to conduct a penetration testing on web services as a user not as a developer. In this, we study about top vulnerabilities that are found in SOAP web services and how to exploit them to get confidential information which an attacker can regenerate and gain access to and what countermeasures the developer can take to prevent such vulnerabilities. So to prevent such malicious attack we should test them beforehand and fix the vulnerabilities before deploying web services over the network. We discussed about SOA architecture and black box penetration testing as a part of development lifecycle. We used SOAP UI and Burp Suite to test Web Services for security vulnerabilities.