WebApp Sec mailing list archives

Re: SOAP inspection / tampering tools?


From: "enrico sabbadin @ sabbasoft" <sabbadin () sabbasoft com>
Date: Thu, 16 Sep 2004 11:48:37 +0200

I think you can give a chance to Achilles ..

Enrico Sabbadin
MTS/COM+/VBCOM/.NET FAQ: http://www.sabbasoft.com
BLOG: http://www.sabbasoft.com/myblog
----- Original Message ----- 
From: "Sebastien Deleersnyder" <sdl () ascure com>
To: <webappsec () securityfocus com>
Sent: Wednesday, September 15, 2004 10:11 AM
Subject: SOAP inspection / tampering tools?


Hi,
 
Are there any open-source / commercial tools available for inspection / modification of SOAP traffic to perform audits on its security?
I am thinking of a local proxy-like program through which SOAP traffic is channeled by e.g. modifying localhost : redirect traffic destined for target.com to 127.0.0.1
The tool would allow for changing the SOAP content both in the request/reply.
I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS protects against sniffing.
 
I know there are commercial tools available to scan a SOAP server for vulnerabilities, such as

* ScanDo (Kavado)
* AppScan (Sanctum, now WatchFire)

How good are these in finding problems with SOAP calls?
Are there open-source equivalents?
 
Thank you,
 
Kind regards,
 
Sebastien

