XML Webservices Pentesting

XML Web Services Vulnerability Assessment

Similar to Flash, Microsoft Silverlight is a "thick client" application interface used to enhance users' experience. Underlying web services calls made by Silverlight are vulnerable and it is important to map those in terms of vulnerabilities and create fixes.

Specialized Pen Testing

Why penetration of XML Web Services Based is essential?

In web applications, the security can be assured by the use of different penetration testing tools. Nevertheless, compared to prominent attacks such as SQL-Injection or Cross-site scripting (XSS), there is currently no penetration testing tools that are capable of analyzing the security of XML interfaces.

The threat of XML-based attacks has significantly increased. Besides web services, Single Sign-On systems are also attackable as latest researches have revealed this the necessity of an automatic penetration testing tool.

How we do it??

By implementing common web applications, our developers evaluate the security of their systems by applying different penetration testing tools. However, in comparison to the well known attacks as SQL injection or Cross Site Scripting, there exists no penetration testing tools for Web Services specific attacks. Lots of XML-specific attacks exist and are known for a long time. Below table gives us an overview on currently published attacks.

XML Signature Wrapping Attack on XML Encryption Oversize Payload
Coercive parsing SOAP Action Spoofing XML Injection
WSDL Scanning Metadata Spoofing Attack Obfuscation
Oversized Cryptography BPEL State Deviation Instantiation Flooding
Indirect Flooding WS-Addressing spoofing Middleware Hijacking

What Our Customers Say?

Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.