WebApp Sec mailing list archives
Re: SOAP inspection / tampering tools?
From: David Nester <david () icrew org>
Date: Thu, 16 Sep 2004 06:07:36 -0500
Sebastien, You might check out this new application from Spidynamics. Although I have only used Webinspect...it appears that this application will allow you to do SOAP modification: SPI Toolkit http://www.spidynamics.com/products/Comp_Audit/toolkit/index.html David --------------------------------------- David Nester iCrew Security david () icrew org http://www.icrew.org
From: "Sebastien Deleersnyder" <sdl () ascure com> Date: Wed, 15 Sep 2004 10:11:23 +0200 To: <webappsec () securityfocus com> Subject: SOAP inspection / tampering tools? Hi, Are there any open-source / commercial tools available for inspection / modification of SOAP traffic to perform audits on its security? I am thinking of a local proxy-like program through which SOAP traffic is channeled by e.g. modifying localhost : redirect traffic destined for target.com to 127.0.0.1 The tool would allow for changing the SOAP content both in the request/reply. I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS protects against sniffing. I know there are commercial tools available to scan a SOAP server on vulnerabilities, such as * ScanDo (Kavado) * AppScan (Sanctum, now WatchFire) How good are these in finding problems with SOAP calls? Are there open-source equivalents? Thank you, Kind regards, Sebastien
Current thread:
- SOAP inspection / tampering tools? Sebastien Deleersnyder (Sep 16)
- Re: SOAP inspection / tampering tools? David Nester (Sep 16)
- Re: SOAP inspection / tampering tools? Adam Tuliper (Sep 16)
- Re: SOAP inspection / tampering tools? Rogan Dawes (Sep 16)
- Re: SOAP inspection / tampering tools? Yuri Demchenko (Sep 18)
- Re: SOAP inspection / tampering tools? Adam Tuliper (Sep 18)
- Re: SOAP inspection / tampering tools? if0ff () softhome net (Sep 18)
- Re: SOAP inspection / tampering tools? Mads Rasmussen (Sep 18)
- Re: SOAP inspection / tampering tools? enrico sabbadin @ sabbasoft (Sep 19)
- <Possible follow-ups>
- RE: SOAP inspection / tampering tools? Matt Fisher (Sep 16)
- RE: SOAP inspection / tampering tools? Bob Auger (Sep 18)