Yesterday, we got an urgent requirement from one of our clients, a multinational banking and insurance firm.
They have a web service that is exposed on their intranet, and needed it tested for security, obviously an onsite activity. But for an assignment such as web services security testing, which, including me, only a couple of our resources can carry out, and that too on such short notice of less than a day, I would say we had a situation. I really think training more guys for web services security testing will bring in more projects of a similar nature, as currently they are very few and far between.
Needless to say, I'm always excited about an onsite activity; it's always a tremendous learning experience, and also kind of a break from the day-to-day office. So, I stepped up, although I had to perform a quick handover, as I was working on a report.
I needed to get my system ready for the job. Although I had a couple of commercial-grade automated tools which work really well, the test wouldn't be complete without manual validation with some open source tools. A few good tools such as WSDigger, WSAttacker, and WSFuzzer will definitely help in the testing. What I was surprised to see was that BackTrack 5 does not come with OWASP WSFuzzer. Anyway, I got the tools installed and was all set for the job.
It was way past midnight by the time I finished researching more about Web Services. All set for the job, a long day ends...