Friday, December 19, 2014

LIST: Web Services (Part 2)

A friend of mine pointed me to a series of posts from the Infosec Institute focusing on the Web Services Penetration Testing subject:

· Part 1: Introduction
· Part 7: More Fuzzing with Burp


PS: Thanks to J. Monteiro, P. Lourenço

Thursday, December 18, 2014

LIST: Web Services Security Resources

The top 5 Google search links returned very interesting results that are must-reads for anyone working with SOA/Web Services, whether developing and deploying or testing. Some are from people I know very well (not the NSA ones).

  1. https://www.nsa.gov/ia/_files/factsheets/soa_security_vulnerabilities_web.pdf (NSA classification for vulnerabilities)
  2. http://www2.informatik.uni-freiburg.de/~accorsi/papers/igi-chapter.pdf (model based security)
  3. https://eden.dei.uc.pt/~mvieira/dsn_ws.pdf
  4. http://www.infosectoday.com/Articles/webservices.pdf
  5. https://www.blackhat.com/presentations/bh-europe-07/Bhalla-Kazerooni/Whitepaper/bh-eu-07-bhalla-WP.pdf


PS: Not in any particular order.