[ad] WSFuzzer is a fuzzing tool targetting HTTP and SOAP based web services. The program currently targets Web Services. In the current version HTTP based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is NOT […]
web-services
wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool
[ad] wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool has the following functions: Discovery tool By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern. Vulnerability detection It is possible to enumerate and profile Web Services using this tool […]
WSBang – Python Based SOAP Services Testing Tool
[ad] WSBang is designed to be a lightweight, open source fuzzer for web services. It takes as input the URL or file system location of a WSDL for the web service to be tested. Upon completion, a simple HTML view of the test results will be displayed. Method parameters are fuzzed based on their type […]
SIFT Web Services Security Testing Framework
[ad] SIFT has released a new Intelligence Report titled ‘A Web Services Security Testing Framework‘. The framework covers the entire web services security testing process incorporating detailed threat modelling, scoping and planning methodologies tailored specifically for web services applications. Web services are a widely touted technology that aim to provide tangible benefits to both business […]
SIFT Web Method Search Tool
[ad] SIFT has just published a world-first tool for identifying rogue web methods. The Web Method Search tool is a Windows based application that uses a hybrid dictionary attack in an attempt to find unpublished administrative and other web services functions. As web services are becoming more prevalent, poor security practices from previous generations of […]