Security Basics mailing list archives

Re: Web service security

From: "Michal Merta" <michal.merta () gmail com>
Date: Tue, 20 Jun 2006 23:05:32 +0200

Hi Atul,
try to use nikto (http://www.cirt.net/code/nikto.shtml), great web
server scanner.
Michal

On 6/19/06, Atul Wankhade <atul_wankhade () hotmail com> wrote:

Hi All,

Firstly, sorry if I have posted this to wrong alias.  Please point me if you
know the right alias.  I want to perfrom a security testing for the
webservices. I am a novice in this field.  I would highly appreciated if you
could help me and share pointers in this regard.  Also, I searched for
couple of tools on the net and here are my findings. Has anybody used any of
the following?  It would be helpful if you suggest me on the same.
Thanks in advance ...
Atul Wankhade


WSFuzzer
-          Attacks a web service based on valid WSDL, a valid endpoint &
namespace, or it can try to intelligently detect WSDL for a given target.
-          http://www.neurofuzz.com/modules/software/wsfuzzer.php
wsChess
-          Web Services Assessment and Defense Toolkit
-          http://net-square.com/wschess/index.shtml
WSDigger
-          a free open source tool to automate black-box web services
security testing (also known as penetration testing).
-
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/wsdigger.htm
WSBang
-          Python-based tool used to perform automated security testing of
SOAP based web services.
-          http://www.isecpartners.com/tools.html
SOAPSonar
-          Allows Web Services Vulnerability Assessment.
-          http://www.codeproject.com/showcase/Crosschecks1.asp



--
Michal Merta
Network Security Engineer
http://www.misuta.cz

The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any
attachments.

Current thread:

SF new article announcement: Standards in desktop firewall policies Kelly Martin (Jun 06)
- Web service security Atul Wankhade (Jun 19)
  - Re: Web service security Michal Merta (Jun 20)
  - Re: Web service security Vinod Gadgoli (Jun 22)