Pentest Framework for Webservices?
-
21-01-2021 - |
题
Is there a pentest framework, especially sql injections, for (java, axis) webservices? Like a SoapUI for pentester or something like that?
解决方案
No, But I Have A List For Testing And Pentesting Webservices : Tools :
- SOA CLEANER
- WcfStorm-Lite
- Wsdigger
- WsScanner
I Am Use Soa Cleaner And SoapUi For Web Service Pentesing
其他提示
I think, the best method to pentest a webservice is :
- Find all apps that can connect to webservice
- Install apps and sniff every packet
- See authentication methods or check inputs in
xml
packet - Read carefully WSDL,
By the way The SoapUi is A good tool
不隶属于 StackOverflow