Pentest Framework for Webservices?

StackOverflow https://stackoverflow.com/questions/7445351

Pergunta

Is there a pentest framework, especially sql injections, for (java, axis) webservices? Like a SoapUI for pentester or something like that?

Foi útil?

Solução

No, But I Have A List For Testing And Pentesting Webservices : Tools :

  • SOA CLEANER
  • WcfStorm-Lite
  • Wsdigger
  • WsScanner

I Am Use Soa Cleaner And SoapUi For Web Service Pentesing

Outras dicas

I think, the best method to pentest a webservice is :

  1. Find all apps that can connect to webservice
  2. Install apps and sniff every packet
  3. See authentication methods or check inputs in xml packet
  4. Read carefully WSDL,

By the way The SoapUi is A good tool

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top