Re: SOAP inspection / tampering tools?

if0ffsofthome.net
Date: Thu Sep 16 2004 - 15:36:12 CDT


Check out XMLSpy. You can feed it a WSDL file in order to use the provided
methods of a particular webservice. It's a commercial tool but a trial
licence can be obtained for free.

http://www.xmlspy.com/download_spy_enterprise.html

Greets

if0ff

Sebastien Deleersnyder wrote:

> Hi,
>
> Are there any open-source / commercial tools available for inspection /
> modification of SOAP traffic to perform audits on its security?
> I am thinking of a local proxy-like program through which SOAP traffic
> is channeled by e.g. modifying localhost : redirect traffic destined for
> target.com to 127.0.0.1
> The tool would allow for changing the SOAP content both in the
> request/reply.
> I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS
> protects against sniffing.
>
> I know there are commercial tools available to scan a SOAP server for
> vulnerabilities, such as
>
> * ScanDo (Kavado)
> * AppScan (Sanctum, now WatchFire)
>
> How good are these in finding problems with SOAP calls?
> Are there open-source equivalents?
>
> Thank you,
>
> Kind regards,
>
> Sebastien
>