RE: Tools to test web services
From: Leewarner, Joshua (US - Seattle) (jleewarner_at_deloitte.com)
Date: 04/24/04
- Previous message: fergus: "Re: SME risk assessment (Was: Bank Assessment)"
- Maybe in reply to: pak: "Tools to test web services"
- Next in thread: Rosado, Rafael (Rafael): "RE: Tools to test web services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 24 Apr 2004 15:52:49 -0500 To: "pak" <pak_ml@btopenworld.com>, <pen-test@securityfocus.com>
Pak,
You might want to look at WebInspect from SPIDynamics.
Specs on their tool here:
http://www.spidynamics.com/productline/WE_specs.html.
I don't recall off-hand what all components it can check, but I know
that it does assess web-services to an extent. You might have to inquire
from the company to see if they can cover your laundry list below.
Joshua Leewarner, CISSP
Deloitte / Security Services Group
-----Original Message-----
From: pak [mailto:pak_ml@btopenworld.com]
Sent: Saturday, April 24, 2004 2:15 AM
To: pen-test@securityfocus.com
Subject: Tools to test web services
Hi,
I was asked to do penetration testing of web services built on .NET
Framework; therefore I'm looking for the tool that could test web
services and adequately supports standards such as WS-Security, SAML,
XML-Encryption, XML-Signature. So far the only thing I could do is to
write such tool on my own, but maybe there are tools out there
(commercial and/or non-commercial), I'm not aware of, that can help me.
Any help/suggestions/tools/papers what and how to test are more than
welcome.
Cheers,
Pak76
------------------------------------------------------------------------
------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
-------
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
- Previous message: fergus: "Re: SME risk assessment (Was: Bank Assessment)"
- Maybe in reply to: pak: "Tools to test web services"
- Next in thread: Rosado, Rafael (Rafael): "RE: Tools to test web services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
