Foundstone Releases New Web Services Penetration Tool
July 13, 2005
This could turn out to be pretty handy!
WSDigger is a free open source tool designed by Foundstone to automate black-box web services security testing (also known as penetration testing). WSDigger is more than a tool, it is a web services testing framework. Version one of this framework contains sample attack plug-ins for SQL injection, cross site scripting and XPATH injection attacks. A web service vulnerable to XPATH injection is provided as an example with the tool. By releasing the framework as an open-source tool, users are encouraged to develop and share their own plug-ins.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/wsdigger.htm
You can even just attack your own public WSDL without having it go through a UDDI.
Eddie Peloke says:
July 13, 2005 @ 14:00
Jim, are there plans for a non-Windows version of this?