[WEB SECURITY] FW: Web Service pentesting

Neaves, Tom tom.neaves at uk.verizonbusiness.com
Tue Nov 29 10:21:35 EST 2011


Yup I'd tend to agree, SoapUI and Burp work well together for web
services. However, SoapUI does have some limitations with regards to
supporting WS-Security, namely WS-SecureConversation, as I painfully
found out last year. I managed to hunt down an alternative, WCFStorm,
which solved the problem though.

Cheers,
Tom 

-----Original Message-----
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Menerick,
John
Sent: 28 November 2011 16:24
To: Pavol Luptak; websecurity at lists.webappsec.org
Cc: marek.palko at lynx.sk
Subject: Re: [WEB SECURITY] FW: Web Service pentesting

For Burp's pricing model, it is a great investment. Otherwise, the
greatest tool is your creativity in breaking underlying assumptions.

Cheers,

John Menerick


-----Original Message-----
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Pavol
Luptak
Sent: Friday, November 11, 2011 3:47 PM
To: websecurity at lists.webappsec.org
Cc: marek.palko at lynx.sk
Subject: Re: [WEB SECURITY] FW: Web Service pentesting

On Fri, Nov 11, 2011 at 05:37:55PM +0000, MaXe wrote:
> 
> I stumbled over this the other day:
> http://www.securityaegis.com/web-application-testing-resources/
> 
> There is also a lot of tools mentioned on this page, including the
> most used generally. There's currently no better resource in my humble
> opinion, that I can recommend at the moment.

See https://www.owasp.org/index.php/Phoenix/Tools

We use SOAP UI and Burp. I am not sure if there is something better.

Pavol
--
______________________________________________________________________________
[Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542]
