Home
WSSAT performs both static and dynamic tests for security vulnerabilities. The vulnerabilities analysed within the scope of this project are:
1. STATIC TESTING (ANALYSIS)

WSSAT performs static analysis on both web service WSDL and XSD documents. WSSAT checks the following vulnerabilities by static analysis:

- Weak XML Schema: Unbounded Occurrences
- Weak XML Schema: Undefined Namespace
- Weak WS-SecurityPolicy: Insecure Transport
- Weak WS-SecurityPolicy: Insufficient Supporting Token Protection
- Weak WS-SecurityPolicy: Tokens Not Protected
2. DYNAMIC TESTING

WSSAT checks the following vulnerabilities by dynamic tests:

- Insecure Communication - SSL Not Used
- Unauthenticated Service Method
- Error Based SQL Injection
- Cross Site Scripting
- XML Bomb
- External Entity Attack - XXE
- XPATH Injection
- Verbose SOAP Fault Message
WSSAT provides a dynamic environment in which vulnerabilities can be added, updated or deleted simply by editing its vulnerability XML files (under the XML directory).