Pentest Framework for Webservices?

StackOverflow https://stackoverflow.com/questions/7445351

Frage

Is there a pentest framework, especially sql injections, for (java, axis) webservices? Like a SoapUI for pentester or something like that?

War es hilfreich?

Lösung

No, But I Have A List For Testing And Pentesting Webservices : Tools :

  • SOA CLEANER
  • WcfStorm-Lite
  • Wsdigger
  • WsScanner

I Am Use Soa Cleaner And SoapUi For Web Service Pentesing

Andere Tipps

I think, the best method to pentest a webservice is :

  1. Find all apps that can connect to webservice
  2. Install apps and sniff every packet
  3. See authentication methods or check inputs in xml packet
  4. Read carefully WSDL,

By the way The SoapUi is A good tool

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top