Web service security

["Atul Wankhade" <atul_wankhade () hotmail com>]

Hi All,

Firstly, sorry if I have posted this to wrong alias.  Please point me if you 
know the right alias.  I want to perfrom a security testing for the 
webservices. I am a novice in this field.  I would highly appreciated if you 
could help me and share pointers in this regard.  Also, I searched for 
couple of tools on the net and here are my findings. Has anybody used any of 
the following?  It would be helpful if you suggest me on the same.
Thanks in advance ...
Atul Wankhade


WSFuzzer
-          Attacks a web service based on valid WSDL, a valid endpoint & 
namespace, or it can try to intelligently detect WSDL for a given target.
-          http://www.neurofuzz.com/modules/software/wsfuzzer.php
wsChess
-          Web Services Assessment and Defense Toolkit
-          http://net-square.com/wschess/index.shtml
WSDigger
-          a free open source tool to automate black-box web services 
security testing (also known as penetration testing).
-          
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/wsdigger.htm
WSBang
-          Python-based tool used to perform automated security testing of 
SOAP based web services.
-          http://www.isecpartners.com/tools.html
SOAPSonar
-          Allows Web Services Vulnerability Assessment.
-          http://www.codeproject.com/showcase/Crosschecks1.asp




From:  "David Ball" <lostinvietnam () hotmail com>
To:  mohitz () cse iitb ac in
CC:  pen-test () securityfocus com
Subject:  RE: penetrating a firewalled network
Date:  Tue, 06 Jun 2006 11:36:43 +0800
> From my own post to SF some months back with a similar question. These 
> resources helped me out. The full thread is at the following URL:
>
> http://www.securityfocus.com/archive/101/421146/30/0/threaded
>
> 1. "Host Detection - Generating arbitrary responses to identify
> inter-networked nodes".
> http://www.zone-h.org/files/29/responses-tisc.txt
>
> 2. "Techniques to validate host connectivity"
> http://packetstorm.linuxsecurity.com/papers/protocols/host-detection.txt
>
> 3. "Diggin em Walls - Detection of Firewalls, and Probing networks behind
> firewalls".
> http://neworder.box.sk/newsread.php?newsid=2914
>
> 4. "Host Discovery with Nmap"
> http://www.l0t3k.net/biblio/fingerprinting/en/NMAP-mwdiscovery.pdf
> Provides different enumeration scenarios (Firewall with Filtering, Firewall
> with Generic Ruleset, Firewall with specific rules, Stateful Firewall with
> specific rules) and describes how to customize nmap scans for best results
> with each scenario. Provides example tcpdump output for each scan.
>
> 5. "Strategies for Defeating Distributed Attacks"
> http://www.megasecurity.org/Dos/Simple_Nomad.txt
> The title is a little misleading. Do a Find for the word "enumeration" and
> read from there. Also a very interesting few paragraphs on using non-echo
> ICMP messages for host enumeration. See especially the section titled "ICMP
> Defense".
>
> 6. "Firewall Penetration Testing"
> http://www.wittys.com/files/mab/fwpentesting.html
> (Borrows heavily from the original Firewalk paper but still worth a read)
>
> 7. "Network Scanning Techniques" - Ofir Arkin
> http://www.sys-security.com/archive/papers/Network_Scanning_Techniques.p
> df
>
> 8. "Low Level enumeration with TCP/IP"
> http://www.securitydocs.com/library/3012/2
>
> TOOLS
> ---------
>
> 1. Mike Shiffman/David Goldsmith's Firewalk paper
> http://www.packetfactory.net/projects/firewalk/firewalk-final.pdf
>
> 2. "Tcptraceroute examples"
> http://michael.toren.net/code/tcptraceroute/examples.txt
>
> 3. "Paratrace Analysis and Defence" (SANS GIAC practical)
> http://www.giac.org/certified_professionals/practicals/gcih/0392.php
>
> Sincerely.
>
> David Ball.
>
> > "Mohit Agarwal" <mohitz () cse iitb ac in>
> > No Phone Info Available
> > 06/06/2006 02:10 AM
> > Please respond to
> > mohitz () cse iitb ac in
> >
> > To
> > pen-test () securityfocus com
> > cc
> >
> > Subject
> > penetrating a firewalled network
> >
> >
> >
> >
> >
> >
> > Hi,
> >
> > I want to do penetration tests on a firewalled network to find out the
> > network structure and any other info that i can get. Can you suggest some
> > resources to read for the same as i am a noob.
> >
> > --
> > Mohit
> >
> > ------------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the
> > Analyst's
> > Choice Award from eWeek. As attacks through web applications continue to
> > rise,
> > you need to proactively protect your applications from hackers. Cenzic has
> > the
> > most comprehensive solutions to meet your application security penetration
> >
> > testing and vulnerability management needs. You have an option to go with
> > a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to confirm your
> >
> > results from other product. Contact us at request () cenzic com for details.
> > ------------------------------------------------------------------------------
>
> _________________________________________________________________
> Learn English via Shopping Game, FREE! 
> http://www.linguaphonenet.com/BannerTrack.asp?EMSCode=MSN06-03ETFJ-0211E
>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security? Why not go with the #1 solution - 
> Cenzic, the only one to win the Analyst's Choice Award from eWeek. As 
> attacks through web applications continue to rise, you need to proactively 
> protect your applications from hackers. Cenzic has the most comprehensive 
> solutions to meet your application security penetration testing and 
> vulnerability management needs. You have an option to go with a managed 
> service (Cenzic ClickToSecure) or an enterprise software (Cenzic 
> Hailstorm). Download FREE whitepaper on how a managed service can help you: 
> http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time 
> we can do a FREE audit for you to confirm your results from other product. 
> Contact us at request () cenzic com for details.
> ------------------------------------------------------------------------------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------