[WEB SECURITY] Scanning Web Services That Require Signed SOAP Requests

Ory Segal SEGALORY at il.ibm.com
Fri Feb 5 14:14:22 EST 2010


Rational AppScan has this integrated into the product - The GSC tool for 
web services, that comes bundled with AppScan supports all kinds of 
WS-Security standards, including certificates for signing message bodies.

Ory Segal
Security Products Architect
AppScan Product Manager
Rational, Application Security
IBM Corporation
Tel: +972-9-962-9836
Mobile: +972-54-773-9359
e-mail: segalory at il.ibm.com 

Brian Shura <bshura73 at gmail.com>
websecurity at webappsec.org
05-02-10 08:15 PM
[WEB SECURITY] Scanning Web Services That Require Signed SOAP Requests

I'm planning to test a web service that requires the client to use a 
certificate to sign the message body of each SOAP request using the WS 
security standard.  Are there any scanners out there that can effectively 
scan this type of web service?  I know that many scanners support client 
SSL certificates, but this is a bit different.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100205/68d37405/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2359 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100205/68d37405/attachment.gif>

More information about the websecurity mailing list