Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
SOAP inspection / tampering tools?
From: Sebastien Deleersnyder (sdlascure.com)
Date: Wed Sep 15 2004 - 03:11:23 CDT
Are there any open-source / commercial tools available for inspection /
SOAP traffic to perform audits on its security?
I am thinking of a local proxy-like program through which SOAP traffic
by e.g. modifying localhost : redirect traffic destined for target.com
The tool would allow for changing the SOAP content both in the
I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS
protects against sniffing.
I know there are commercial tools available to scan a SOAP server on
vulnerabilities, such as
* ScanDo (Kavado)
* AppScan (Sanctum, now WatchFire)
How good are these in finding problems with SOAP calls?
Are there open-source equivalents?