WebApp Sec mailing list archives
Re: SOAP inspection / tampering tools?
From: Yuri Demchenko <demch () chello nl>
Date: Thu, 16 Sep 2004 13:35:25 +0200
You can check this links and related products:Anatomy of a Web Services Attack: A Guide to Threats and Preventative Countermeasures - Forum Systems, Inc., http:// www.forumsystems.com - March 1, 2004 - http://whitepapers.itsj.com/detail/RES/1084293354_294.html
Attacking and Defending Web Services. A Spire Research Report. – January 2004 Spire Security, LLC, http://www.spiresecurity.com - January 1, 2004 -
http://whitepapers.itsj.com/detail/RES/1075225294_11.htmlA Guide to Securing XML and Web Services. - ZapThink, LLC - January 1, 2004 -
http://whitepapers.itsj.com/detail/RES/1073404572_221.html and also look at on-going work on WS security threats analysis http://www.uazone.org/demch/analytic/draft-grid-security-incident-02.pdf Regards, Yuri Sebastien Deleersnyder wrote:
Hi,Are there any open-source / commercial tools available for inspection / modification of SOAP traffic to perform audits on its security?I am thinking of a local proxy-like program through which SOAP trafficis channeled by e.g. modifying localhost : redirect traffic destined for target.comto 127.0.0.1 The tool would allow for changing the SOAP content both in the request/reply. I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS protects against sniffing.I know there are commercial tools available to scan a SOAP server onvulnerabilities, such as * ScanDo (Kavado) * AppScan (Sanctum, now WatchFire) How good are these in finding problems with SOAP calls? Are there open-source equivalents?Thank you, Kind regards, Sebastien
Current thread:
- SOAP inspection / tampering tools? Sebastien Deleersnyder (Sep 16)
- Re: SOAP inspection / tampering tools? David Nester (Sep 16)
- Re: SOAP inspection / tampering tools? Adam Tuliper (Sep 16)
- Re: SOAP inspection / tampering tools? Rogan Dawes (Sep 16)
- Re: SOAP inspection / tampering tools? Yuri Demchenko (Sep 18)
- Re: SOAP inspection / tampering tools? Adam Tuliper (Sep 18)
- Re: SOAP inspection / tampering tools? if0ff () softhome net (Sep 18)
- Re: SOAP inspection / tampering tools? Mads Rasmussen (Sep 18)
- Re: SOAP inspection / tampering tools? enrico sabbadin @ sabbasoft (Sep 19)
- <Possible follow-ups>
- RE: SOAP inspection / tampering tools? Matt Fisher (Sep 16)
- RE: SOAP inspection / tampering tools? Bob Auger (Sep 18)