Skip to Main Content
Web services are a widely touted technology that aims to provide tangible benefits to both business and IT. Their increasing use in the enterprise sector, for the integration of distributed systems and business critical functions, dictates the need for diverse security assurances. Existing security frameworks do provide comprehensive security testing, but are not flexible enough to handle complex, user defined threat scenarios. This paper identifies and details an approach for providing an automated mechanism, which has the capability to allow users to create their own complex threat scenarios and test them against highly distributed web services. This mechanism provides the user with the tools and information necessary to generate and implement user defined security tests. This mechanism should however be considered only as a user driven extension to existing web service security testing frameworks.