SIFT is an "Australian Government Endorsed Supplier" of information security and information risk management services.

Tools

SIFT Web Method Search Tool - 5 Sep 06

As web services are becoming more prevalent, poor security practices from previous generations of application architectures are being transferred to the web service space. One of these practices is the use of "security through obscurity" to hide certain web methods from users - that is, web methods exist that can be called, but that are not published in the WSDL or otherwise disclosed.

The SIFT Web Method Search tool is a dictionary attack tool that can be used to brute force the web method names for a given web service under certain circumstances. That is, SOAP requests can be submitted to a web service using probable combinations of words to allow the identification of hidden web methods not published in the corresponding WSDL document. This is possible because responses to requests for non-existent web methods and web methods that exist differ markedly under most platforms.
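The same difference in responses gives a service owner something to monitor. The following is an added example, not part of the SIFT tool or the original page: it flags clients that request many method names absent from the WSDL, and lists unpublished names that answered as if they exist. The WSDL fragment, log records, threshold and the use of HTTP 200 as the "method exists" signal are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WSDL_NS = "{http://schemas.xmlsoap.org/wsdl/}"

# Constructed sample WSDL fragment: the service publishes two operations.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/">
  <portType name="AccountSoap">
    <operation name="GetBalance"/>
    <operation name="ListAccounts"/>
  </portType>
</definitions>"""

# Constructed request log: (client, requested method name, HTTP status).
SAMPLE_LOG = [
    ("10.0.0.5", "GetBalance", 200),
    ("10.0.0.9", "GetUser", 500),
    ("10.0.0.9", "GetUsers", 500),
    ("10.0.0.9", "DeleteUser", 500),
    ("10.0.0.9", "ResetPassword", 200),
    ("10.0.0.9", "GetBalance", 200),
    ("10.0.0.7", "GetBalence", 500),  # a single typo, not enumeration
]

def published_operations(wsdl_text):
    """Return the operation names declared in the WSDL."""
    root = ET.fromstring(wsdl_text)
    return {op.get("name") for op in root.iter(WSDL_NS + "operation")}

def audit(log, published, threshold=3):
    """Return (clients probing >= threshold unpublished names,
    unpublished names that answered as existing)."""
    probes = defaultdict(set)
    answered = set()
    for client, method, status in log:
        if method in published:
            continue
        probes[client].add(method)
        if status == 200:  # assumption: success status means the method exists
            answered.add(method)
    suspects = {c: sorted(m) for c, m in probes.items() if len(m) >= threshold}
    return suspects, sorted(answered)

if __name__ == "__main__":
    suspects, hidden = audit(SAMPLE_LOG, published_operations(SAMPLE_WSDL))
    print("clients enumerating method names:", suspects)
    print("unpublished methods that responded:", hidden)
```

Any name in the second list is a callable method missing from the WSDL, which should be either published and access-controlled or removed.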

You can download the tool here.

The following signature can be used to verify the downloaded file. The SIFT Research Public Key is available here.





© 2000-2008 SIFT Pty Ltd. All rights reserved.