Pentesting Web Services with WS-Attacker v1.0
WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.
A user guide describes how to use to tool.
This guide will use WS-Attacker for penetration testing on self-made web service. In general, you have to to four things:
- Loading the WSDL and set up the request parameters.
- Submitting a test request.
- Configuring the attack plugins.
- Starting the attacks.