|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SOAP inspection / tampering tools?
From: Sebastien Deleersnyder (sdl
ascure.com)
Date: Wed Sep 15 2004 - 03:11:23 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Are there any open-source / commercial tools available for inspection /
modification of
SOAP traffic to perform audits on its security?
I am thinking of a local proxy-like program through which SOAP traffic
is channeled
by e.g. modifying localhost : redirect traffic destined for target.com
to 127.0.0.1
The tool would allow for changing the SOAP content both in the
request/reply.
I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS
protects against sniffing.
I know there are commercial tools available to scan a SOAP server on
vulnerabilities, such as
* ScanDo (Kavado)
* AppScan (Sanctum, now WatchFire)
How good are these in finding problems with SOAP calls?
Are there open-source equivalents?
Thank you,
Kind regards,
Sebastien
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]