Re: Tools to test web services

From: pak (pak_ml_at_btopenworld.com)
Date: 04/24/04

Next message: Rosado, Rafael (Rafael): "RE: Tools to test web services"

Previous message: Clement Dupuis: "RE: Web site testing"
Maybe in reply to: pak: "Tools to test web services"
Next in thread: Rosado, Rafael (Rafael): "RE: Tools to test web services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Rosado, Rafael (Rafael)" <rarosado@lucent.com>
Date: Sat, 24 Apr 2004 18:57:14 +0100

Hi Rafael,

Thanks for the suggestion, the problem with FxCop is that it checks the
code, but I cannot use it as automated tool to test .NET implementation of
web services, so I cannot use it to verify how the application will behave
when I will change schemas or I will sign bad element or when I will not
provide valid SAML assertion.

Cheers,

Pak76

----- Original Message -----
From: "Rosado, Rafael (Rafael)" <rarosado@lucent.com>
To: "pak" <pak_ml@btopenworld.com>
Cc: <pen-test@securityfocus.com>
Sent: Saturday, April 24, 2004 6:13 PM
Subject: RE: Tools to test web services

> PAK,
>
> There is a tool called FXCop which you might consider -
> http://www.gotdotnet.com/team/fxcop/
>
> "FxCop is a code analysis tool that checks .NET managed code assemblies
> for
> conformance to the Microsoft .NET Framework Design Guidelines. It uses
> reflection, MSIL parsing, and callgraph analysis to inspect assemblies for
> more than 200 defects in the following areas:
>
> Library design
> Localization
> Naming conventions
> Performance
> Security
> FxCop includes both GUI and command line versions of the tool, as well as
> an
> SDK to create custom rules."
>
> Good Luck!
>
> Rafael Rosado, CISSP, CISA
> Lucent IT Infrastructure Security
> Voice: 954-885-2176
> Fax: 954-885-3861
> Email: rarosado@lucent.com
>
> This e-mail message and any attachment(s) to it are intended only for the
> use of the addressee(s). The information in this e-mail message is
> confidential and proprietary and may be subject to legal privilege. The
> reading or dissemination of this email by anyone other than the intended
> recipient is strictly prohibited. If you believe you have received this
> e-mail in error, please notify the sender immediately and permanently
> delete
> this e-mail, any attachments and all copies thereof from any drives or
> storage media and destroy any printouts.
> -----Original Message-----
> From: pak [mailto:pak_ml@btopenworld.com]
> Sent: Saturday, April 24, 2004 5:15 AM
> To: pen-test@securityfocus.com
> Subject: Tools to test web services
>
> Hi,
>
> I was asked to do penetration testing of web services built on .NET
> Framework; therefore I'm looking for the tool that could test web services
> and adequately supports standards such as WS-Security, SAML,
> XML-Encryption,
> XML-Signature. So far the only thing I could do is to write such tool on
> my
> own, but maybe there are tools out there (commercial and/or
> non-commercial),
> I'm not aware of, that can help me. Any help/suggestions/tools/papers what
> and how to test are more than welcome.
>
> Cheers,
>
> Pak76
>
>
> ----------------------------------------------------------------------------
> --
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills of an Ethical Hacker to better assess the security of your
> organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
> ---

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Next message: Rosado, Rafael (Rafael): "RE: Tools to test web services"

Previous message: Clement Dupuis: "RE: Web site testing"
Maybe in reply to: pak: "Tools to test web services"
Next in thread: Rosado, Rafael (Rafael): "RE: Tools to test web services"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Tools to test web services
... I was asked to do penetration testing of web services built on .NET ... therefore I'm looking for the tool that could test web services ... to facilitate one-on-one interaction with one of our expert instructors. ...
(Pen-Test)
Re: testing websites and web services
... If you want to test web services, you can do this totally online and ... assuming the web services are accessible over the internet - ...
(microsoft.public.dotnet.languages.csharp)
Problem calling a Web Service referenced object.
... I am able to Add Web Reference... ... I have tried referencing other test web services i have lying around my test box (These web services work from the browser and from other solutions perfectly.) They get the same build errors. ...
(microsoft.public.dotnet.framework.webservices)