Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: SOAP inspection / tampering tools?
Date: Thu Sep 16 2004 - 15:36:12 CDT
Check out XMLSpy. You can feed an WSDL file in order to use the provided
methods of a particular webservice. It's a commercial tool but trial
licence can be obtained for free.
Sebastien Deleersnyder wrote:
> Are there any open-source / commercial tools available for inspection /
> modification of
> SOAP traffic to perform audits on its security?
> I am thinking of a local proxy-like program through which SOAP traffic
> is channeled
> by e.g. modifying localhost : redirect traffic destined for target.com
> to 127.0.0.1
> The tool would allow for changing the SOAP content both in the
> I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS
> protects against sniffing.
> I know there are commercial tools available to scan a SOAP server on
> vulnerabilities, such as
> * ScanDo (Kavado)
> * AppScan (Sanctum, now WatchFire)
> How good are these in finding problems with SOAP calls?
> Are there open-source equivalents?
> Thank you,
> Kind regards,