Penetration Testing mailing list archives
Re: Tools to test web services
From: "pak" <pak_ml () btopenworld com>
Date: Sat, 24 Apr 2004 18:57:14 +0100
Hi Rafael,

Thanks for the suggestion. The problem with FxCop is that it checks the code, but I cannot use it as an automated tool to test a .NET implementation of web services, so I cannot use it to verify how the application will behave when I change schemas, sign a bad element, or do not provide a valid SAML assertion.

Cheers,
Pak76

----- Original Message -----
From: "Rosado, Rafael (Rafael)" <rarosado () lucent com>
To: "pak" <pak_ml () btopenworld com>
Cc: <pen-test () securityfocus com>
Sent: Saturday, April 24, 2004 6:13 PM
Subject: RE: Tools to test web services

PAK,

There is a tool called FxCop which you might consider - http://www.gotdotnet.com/team/fxcop/

"FxCop is a code analysis tool that checks .NET managed code assemblies for conformance to the Microsoft .NET Framework Design Guidelines. It uses reflection, MSIL parsing, and callgraph analysis to inspect assemblies for more than 200 defects in the following areas:

Library design
Localization
Naming conventions
Performance
Security

FxCop includes both GUI and command line versions of the tool, as well as an SDK to create custom rules."

Good Luck!

Rafael Rosado, CISSP, CISA
Lucent IT Infrastructure Security
Voice: 954-885-2176
Fax: 954-885-3861
Email: rarosado () lucent com

This e-mail message and any attachment(s) to it are intended only for the use of the addressee(s). The information in this e-mail message is confidential and proprietary and may be subject to legal privilege. The reading or dissemination of this email by anyone other than the intended recipient is strictly prohibited. If you believe you have received this e-mail in error, please notify the sender immediately and permanently delete this e-mail, any attachments and all copies thereof from any drives or storage media and destroy any printouts.

-----Original Message-----
From: pak [mailto:pak_ml () btopenworld com]
Sent: Saturday, April 24, 2004 5:15 AM
To: pen-test () securityfocus com
Subject: Tools to test web services

Hi,

I was asked to do penetration testing of web services built on the .NET Framework; therefore I'm looking for a tool that can test web services and adequately supports standards such as WS-Security, SAML, XML-Encryption, XML-Signature. So far the only thing I could do is to write such a tool on my own, but maybe there are tools out there (commercial and/or non-commercial), I'm not aware of, that can help me. Any help/suggestions/tools/papers on what and how to test are more than welcome.

Cheers,
Pak76