Pentest Framework for Webservices?

Question

Is there a pentest framework, especially sql injections, for (java, axis) webservices? Like a SoapUI for pentester or something like that?

Answer 1

No, But I Have A List For Testing And Pentesting Webservices : Tools :

• SOA CLEANER
• WcfStorm-Lite
• Wsdigger
• WsScanner

I Am Use Soa Cleaner And SoapUi For Web Service Pentesing

Answer 2

I think, the best method to pentest a webservice is :

1. Find all apps that can connect to webservice
2. Install apps and sniff every packet
3. See authentication methods or check inputs in xml packet
4. Read carefully WSDL,

By the way The SoapUi is A good tool