[prev in list] [next in list] [prev in thread] [next in thread]
List: websecurity
Subject: Re: [WEB SECURITY] FW: Web Service pentesting
From: "Neaves, Tom" <tom.neaves () uk ! verizonbusiness ! com>
Date: 2011-11-29 15:21:35
Message-ID: 5AEF7B9DB4A6394181899CDEB268527817C83F28 () ms-lon-e3mb02 ! emea ! dsmain ! com
[Download RAW message or body]
Yup I'd tend to agree, SoapUI and Burp work well together for web
services. However, SoapUI does have some limitations with regards to
supporting WS-Security, namely WS-SecureConversation, as I painfully
found out last year. I managed to hunt down an alternative, WCFStorm,
which solved the problem though.
Cheers,
Tom
-----Original Message-----
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Menerick,
John
Sent: 28 November 2011 16:24
To: Pavol Luptak; websecurity@lists.webappsec.org
Cc: marek.palko@lynx.sk
Subject: Re: [WEB SECURITY] FW: Web Service pentesting
For Burp's pricing model, it is a great investment. Otherwise, the
greatest tool is your creativity in breaking underlying assumptions.
Cheers,
John Menerick
-----Original Message-----
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Pavol
Luptak
Sent: Friday, November 11, 2011 3:47 PM
To: websecurity@lists.webappsec.org
Cc: marek.palko@lynx.sk
Subject: Re: [WEB SECURITY] FW: Web Service pentesting
On Fri, Nov 11, 2011 at 05:37:55PM +0000, MaXe wrote:
>
> I stumbled over this the other day:
> http://www.securityaegis.com/web-application-testing-resources/
>
> There is also a lot of tools mentioned on this page, including the
most used generally. There's currently no better resource in my humble
opinion, that I can recommend at the moment.
See https://www.owasp.org/index.php/Phoenix/Tools
We use SOAP UI and Burp. I am not sure if there is something better.
Pavol
--
________________________________________________________________________
______
[Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel:
+421905400542]
NOTICE: This email and any attachments may contain confidential and
proprietary information of NetSuite Inc. and is for the sole use of the
intended recipient for the stated purpose. Any improper use or
distribution is prohibited. If you are not the intended recipient,
please notify the sender; do not review, copy or distribute; and
promptly delete or destroy all transmitted information. Please note
that all communications and information transmitted through this email
system may be monitored by NetSuite or its agents and that all incoming
email is automatically scanned by a third party spam and filtering
service.
_______________________________________________
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.
org
Verizon UK Limited - registered in England & Wales - registered number 2776038 - \
registered office at Reading International Business Park, Basingstoke Road, Reading, \
Berkshire, UK RG2 6DA - VAT number 823 8170 33
_______________________________________________
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic