TY  - JOUR
AU  - Al-Fayoumi, Mustafa 
AU  - Hamad, Ruba Haj 
AU  - Al-Saraireh, Jaafer 
PY  - 2018
TI  - SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain
JF  - Journal of Computer Science
VL  - 14
IS  - 7
DO  - 10.3844/jcssp.2018.957.968
UR  - https://thescipub.com/abstract/jcssp.2018.957.968
AB  - In the banking domain, a high level of security must be considered and achieved to prevent a core-banking system from vulnerabilities and attackers. This is especially true when implementing Service Oriented Architecture Middleware (SOAM), which enables all banking e-services to be connected in a unified way and then allows banking e-services to transmit and share information using simple Object Access Protocol (SOAP). The main challenge in this research is that SOAP is designed without security in mind and there are no security testing tools that guarantee a secure SOAM solution in all its layers. Thus, this paper studies and analyzes the importance of implementing secure banking SOAM design architecture and of having an automated security testing framework. Therefore, Secure SOAM (SSOAM) is proposed, which works in parallel with the banking production environment. SSOAM contains a group of integrated security plugins that are responsible for scanning, finding, analyzing and fixing vulnerabilities and also forecasting new vulnerabilities and attacks in all banking SOAM layers.