Web Services/ API Penetration Testing Part - 2
Web Services and API Penetration Testing Part #2 Welcome readers to Part 2 of Web Services Penetration Testing. In this part, we will take a quick look into the various test cases, tools and method for security testing of Web Services. Black box Web Services Penetration Testing pre-requisite: è Web Service Description Language (WSDL) file Grey box Web Services Penetration Testing pre-requisite: è Sample requests/responses for methods along with WSDL file. Stages of Penetration Testing of Web Service: 1. Information Gathering 2. Black Box 3. Google hacking (using dorks to discover web services for websites hosted over network) 4. UDDI 5. Web Service Discovery (If no WSDL provided) 6. Authentication Type Discovery Testing Methodology: ...