Re: Web service security
- From: "Vinod Gadgoli" <vinod.infosec@xxxxxxxxx>
- Date: Thu, 22 Jun 2006 14:45:09 +1000
Hey Atul,
What sort of services do you want to cover in your security testing?
There are various approaches to it, such as:
you can check for the security of authentication mechanisms used, the
use of GET or POST methods to submit form data, the insecurities of
session IDs, session hijacking attacks, cookie stealing, parameter
tampering attacks etc.
You can start by visiting www.owasp.org
This provides you a framework for what all you can test for a web app.
They have also got a nice collection of tools and white papers.
HTH
Vinod
On 6/20/06, Atul Wankhade <atul_wankhade@xxxxxxxxxxx> wrote:
Hi All,
Firstly, sorry if I have posted this to the wrong alias. Please point me if you
know the right alias. I want to perform security testing for the
webservices. I am a novice in this field. I would highly appreciate it if you
could help me and share pointers in this regard. Also, I searched for a
couple of tools on the net and here are my findings. Has anybody used any of
the following? It would be helpful if you could advise me on the same.
Thanks in advance ...
Atul Wankhade
WSFuzzer
- Attacks a web service based on valid WSDL, a valid endpoint &
namespace, or it can try to intelligently detect WSDL for a given target.
- http://www.neurofuzz.com/modules/software/wsfuzzer.php
wsChess
- Web Services Assessment and Defense Toolkit
- http://net-square.com/wschess/index.shtml
WSDigger
- a free open source tool to automate black-box web services
security testing (also known as penetration testing).
- http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/wsdigger.htm
WSBang
- Python-based tool used to perform automated security testing of
SOAP based web services.
- http://www.isecpartners.com/tools.html
SOAPSonar
- Allows Web Services Vulnerability Assessment.
- http://www.codeproject.com/showcase/Crosschecks1.asp
--
Vinod Gadgoli
Systems Security Engineer (MS Information Security)