Penetration Testing mailing list archives
Re: Pentest Web Services
From: Christian Martorella <cmartorella () edge-security com>
Date: Sat, 01 Sep 2007 13:29:33 +0200
Hi, for pentesting web services you could use wsfuzzer from Neurofuzz, you can get it and read more about it here:
http://www.neurofuzz.com/modules/software/wsfuzzer.php Hope it helps, Christian Martorella laramies.blogspot.com www.edge-security.com wavefront1 () shaw ca wrote:
I am trying to use wsdigger from Foundstone against a web services site over SSL. wsdigger does not support SSL, so I am using stunnel to take care of that. This works and I can enumerate the services. Unfortunately the Service URL gets picked up (correctly) with the https prefix. Unfortunately the wsdigger UI does not allow me to edit the Service URL field. Has anyone updated wsdigger to deal with ssl sites? Is there some workaround available? On a broader tack: What do pentesters out there actually use against web services? Thanks ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Pentest Web Services Christian Martorella (Sep 01)