Journal of Computer Science

SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain

Mustafa Al-Fayoumi, Ruba Haj Hamad and Jaafer Al-Saraireh

DOI: 10.3844/jcssp.2018.957.968

Volume 14, Issue 7

Pages 957-968

Abstract

In the banking domain, a high level of security must be considered and achieved to protect a core-banking system from vulnerabilities and attackers. This is especially true when implementing Service Oriented Architecture Middleware (SOAM), which connects all banking e-services in a unified way and allows them to transmit and share information using the Simple Object Access Protocol (SOAP). The main challenge in this research is that SOAP is designed without security in mind and there are no security testing tools that guarantee a secure SOAM solution in all its layers. This paper therefore studies and analyzes the importance of implementing a secure banking SOAM design architecture and of having an automated security testing framework. It proposes Secure SOAM (SSOAM), which works in parallel with the banking production environment. SSOAM contains a group of integrated security plugins that are responsible for scanning, finding, analyzing and fixing vulnerabilities, and also for forecasting new vulnerabilities and attacks in all banking SOAM layers.

Copyright

© 2018 Mustafa Al-Fayoumi, Ruba Haj Hamad and Jaafer Al-Saraireh. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.