XML Webservices Pentesting
XML Web Services Vulnerability Assessment
Similar to Flash, Microsoft Silverlight is a "thick client" application interface used to enhance users' experience. Underlying web services calls made by Silverlight are vulnerable and it is important to map those in terms of vulnerabilities and create fixes.
Specialized Pen Testing
Why penetration of XML Web Services Based is essential?
In web applications, the security can be assured by the use of different penetration testing tools. Nevertheless, compared to prominent attacks such as SQL-Injection or Cross-site scripting (XSS), there is currently no penetration testing tools that are capable of analyzing the security of XML interfaces.
The threat of XML-based attacks has significantly increased. Besides web services, Single Sign-On systems are also attackable as latest researches have revealed this the necessity of an automatic penetration testing tool.
How we do it??
By implementing common web applications, our developers evaluate the security of their systems by applying different penetration testing tools. However, in comparison to the well known attacks as SQL injection or Cross Site Scripting, there exists no penetration testing tools for Web Services specific attacks. Lots of XML-specific attacks exist and are known for a long time. Below table gives us an overview on currently published attacks.
| XML Signature Wrapping | Attack on XML Encryption | Oversize Payload |
| Coercive parsing | SOAP Action Spoofing | XML Injection |
| WSDL Scanning | Metadata Spoofing | Attack Obfuscation |
| Oversized Cryptography | BPEL State Deviation | Instantiation Flooding |
| Indirect Flooding | WS-Addressing spoofing | Middleware Hijacking |
What Our Customers Say?
Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.
Valency Networks is our only preferred vendor because the way they find vulnerabilities in our network is par excellence. We hired them on a long term contract to top up our perimeter and wish to continue with them.
Hardly goes a day when I have not learnt anything new in cyber security space and IT technologies.
Working at Valency Networks helps me gain great knowledge everyday.