Web services are often deployed with critical software security faults that open them to malicious attack.
Security Labs’ penetration testing for the web services will identify vulnerabilities and the impact of those vulnerabilities to the web services and their surrounding environment. The test may also include APIs that are discovered during the testing.
Testing approaches
The web services penetration testing service provides our clients with assurance that their web services are being thoroughly tested using Security Labs methodology that includes but is not limited to:
Web services threat modelling including publicly accessible information.
Utilising Universal Description, Discovery and Integration (UDDI)
Identifying Web Services Description Language (WSDL).
Users horizontal and vertical access controls.
Authentication mechanisms, such as testing the life cycle for user session from creation to destruction.
Functionality of access controls.
Leaking Personally Identifiable Information (PII) by unauthorised users.
Conduct security research for previously undiscovered vulnerabilities.
Fuzzing and mutation where appropriate.
Parsing vulnerabilities
Language-specific vulnerabilities (e.g XML External Entity Injection)
The top ten OWASP vulnerabilities.
Testing methodologies
Security Labs will approach the testing using the following method/s
Unauthenticated malicious external user.
Authenticated standard and administrative users.
Authenticated standard user(s).
Authenticated administrative user(s).
