This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Testing for Web Services"

From OWASP
Jump to: navigation, search
(Web Services Testing)
Line 12: Line 12:
  
  
[[XML Structural Testing AoC|4.9.1 XML Structural Testing ]]<br>
+
[[XML Structural Testing AoC|4.8.1 XML Structural Testing ]]<br>
[[XML Content-Level Testing AoC|4.9.2 XML Content-level Testing ]]<br>
+
[[XML Content-Level Testing AoC|4.8.2 XML Content-level Testing ]]<br>
[[WS HTTP GET parameters/REST attacks AoC|4.9.3 HTTP GET parameters/REST Testing ]]<br>
+
[[WS HTTP GET parameters/REST attacks AoC|4.8.3 HTTP GET parameters/REST Testing ]]<br>
[[Naughty SOAP attachments AoC|4.9.4 Naughty SOAP attachments ]]<br>
+
[[Naughty SOAP attachments AoC|4.8.4 Naughty SOAP attachments ]]<br>
[[WS Replay Testing|4.9.5 Replay Testing ]]<br>
+
[[WS Replay Testing|4.8.5 Replay Testing ]]<br>
  
  
 
{{Category:OWASP Testing Project AoC}}
 
{{Category:OWASP Testing Project AoC}}
 
[[OWASP Testing Guide v2 Table of Contents]]
 
[[OWASP Testing Guide v2 Table of Contents]]

Revision as of 09:48, 2 November 2006

OWASP Testing Guide v2 Table of Contents

Web Services Testing


"By 2005 Web services shall have reopened over 70% of the attack paths against internet-connected systems, which were closd by network firewalls in the 1990's" -Gartner Oct 2002

SOA (Service Orientated Architecture)/Web services applications are up-and-coming systems which are enabling businesses to interoperate and are growing at an unprecedented rate. Webservice "clients" are generally not user web front-ends but other backend servers. Webservices are exposed to the net like any other service but can be used on HTTP, FTP, SMTP, MQ among other transport protocols.

The vulnerabilities in web services are similar to other vulnerabilities such as SQL injection, information disclosure ad leakage etc but web services also have unique XML/parser related vulnerabilities which are discussed here also.


4.8.1 XML Structural Testing
4.8.2 XML Content-level Testing
4.8.3 HTTP GET parameters/REST Testing
4.8.4 Naughty SOAP attachments
4.8.5 Replay Testing



OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents OWASP Testing Guide v2 Table of Contents