Tuesday, February 2, 2010

How to use SOAPbox to send attack vectors to a Web Service for vulnerability assessment / penetration testing

SOAPbox is a handy tool for testing a Web Service. It does stress testing, functional testing, authentication testing (e.g. handling mutual SSL), and vulnerability assessment. The vulnerability assessment piece is provided by the "attack vector" feature. You can access the attack vector functionality in the SOAPbox product by following these steps:

Firstly, if you don’t already have it, download a free copy of SOAPbox from http://www.vordel.com/products/soapbox/

Next, in the “Classic” mode of SOAPbox (selected using the tabs in the top-right), load in the WSDL of the service you want to test (using the icon shown in the “WSDL_Import” screenshot attached). This will allow you to load in a particular operation of the WSDL.

Press the green triangular “play” button on the SOAPbox toolbar to send the request through once, to make sure it is reaching the Web Service. You should see a response in the right-hand side “Response” area. At this point you have tested the service without any security vectors inserted.

Now switch over to “Design Mode” in SOAPbox. Make a new test suite and a test case. It should now look like the attached “SOAPbox-configured” screen.

Click the test case and choose “Add SOAP Message”. You can copy and paste the example SOAP message in here, under the “Body content” tab. This is the SOAP message you’ll be automatically inserting security vectors into.

Next, use the tab at the bottom of the screen to choose “Security Vectors”. On the left you’ll see a list of Security Vectors to add, such as SQL Injection and XPath Injection, and on the right you’ll see a tree-view of the message. Drill into this tree-view and choose where in the message to place the security vectors. Now send the message by pressing the green triangular arrow once more. You will see the test input and the response on the right-hand side of the screen.
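To make the mechanism concrete, here is an added Python example (not SOAPbox code, and not from Vordel) that does in script form what the Security Vectors tab does: it lists the leaf elements of a SOAP message as tree paths, places a probe string at a chosen path, and classifies each response so that a SOAP Fault leaking a backend error message is recorded as a finding. The sample request, the probe strings, the error signatures and the `mock_service` stand-in for the Web Service are all constructed for this example.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_NS)

# Constructed sample request, standing in for the message pasted into "Body content".
SAMPLE_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP_NS}">
  <soap:Body>
    <getAccount xmlns="urn:example:bank">
      <accountId>12345</accountId>
      <region>EU</region>
    </getAccount>
  </soap:Body>
</soap:Envelope>"""

# Minimal probe strings per vector class (constructed; not SOAPbox's built-in list).
SECURITY_VECTORS = {
    "SQL Injection": ["'", '"'],
    "XPath Injection": ["'"],
}

# Substrings in a fault that indicate a backend error reached the client (constructed list).
ERROR_SIGNATURES = ("sqlexception", "syntax error", "unterminated", "xpath", "odbc")


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _walk(elem, prefix=""):
    """Yield (element, slash-joined path) for every element in document order."""
    path = f"{prefix}/{_local(elem.tag)}" if prefix else _local(elem.tag)
    yield elem, path
    for child in elem:
        yield from _walk(child, path)


def element_paths(xml_text):
    """The leaf elements of the message: the spots a tester picks in the tree-view."""
    root = ET.fromstring(xml_text)
    return [path for elem, path in _walk(root) if len(elem) == 0]


def insert_vector(xml_text, path, vector):
    """Return a copy of the message with the text of the element at `path` replaced
    by the probe. ElementTree escapes <, > and & on output, so the probe stays a
    text value and cannot break the envelope itself."""
    root = ET.fromstring(xml_text)
    for elem, elem_path in _walk(root):
        if elem_path == path:
            elem.text = vector
            return ET.tostring(root, encoding="unicode")
    raise KeyError(f"no element at {path}")


def classify_response(response_text):
    """'fault+leak' when a SOAP Fault carries a backend error message,
    'fault' for a plain fault, 'ok' for a normal response."""
    root = ET.fromstring(response_text)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is None:
        return "ok"
    text = " ".join(fault.itertext()).lower()
    return "fault+leak" if any(sig in text for sig in ERROR_SIGNATURES) else "fault"


def mock_service(request_text):
    """Constructed stand-in for the service under test: echoes accountId back, but
    answers a quote character with a fault that leaks a database error, which is
    exactly the behaviour the assessment should surface."""
    root = ET.fromstring(request_text)
    value = root.find(".//{urn:example:bank}accountId").text or ""
    body = (
        "<soap:Fault><faultcode>soap:Server</faultcode>"
        "<faultstring>SQLException: unterminated quoted string</faultstring></soap:Fault>"
        if "'" in value
        else f'<getAccountResponse xmlns="urn:example:bank"><accountId>{escape(value)}</accountId></getAccountResponse>'
    )
    return f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>{body}</soap:Body></soap:Envelope>'


def run_assessment(request_text, send, targets, vectors=SECURITY_VECTORS):
    """Place every probe at every chosen path, send it, and keep the (path, vector
    class, probe, verdict) tuples whose response leaked a backend error."""
    findings = []
    for path in targets:
        for vector_class, probes in vectors.items():
            for probe in probes:
                verdict = classify_response(send(insert_vector(request_text, path, probe)))
                if verdict == "fault+leak":
                    findings.append((path, vector_class, probe, verdict))
    return findings


if __name__ == "__main__":
    for finding in run_assessment(SAMPLE_REQUEST, mock_service, element_paths(SAMPLE_REQUEST)):
        print(finding)
```

Against the mock service the run reports the `accountId` element for both vector classes, while `region` stays clean; with a real endpoint, `send` would be replaced by an HTTP POST of the modified envelope, and a plain `fault` verdict (no leaked error text) is what a well-behaved service should return for malformed input.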
