You may try SOAPUI as it has the ability to create mock objects. It allows
you to test a Web service without actually connecting to it. The feature is
available by right-clicking a method.

An example of tool usage... it may not be for this specific scenario but will
give you an idea about using SOAPUI to have your test framework for Web
Services Security. WSDL Example using SOAPUI:
http://one-size-doesnt-fit-all.blogspot.com/2009/08/soapui-for-web-service-testing.html

The above solution (creating mock objects) may or may not be appropriate
most of the time depending on the complexity of your test cases. However,
one thing we must be aware of is that we can test any web service by having a
proper WSDL URL and/or at least an XSD document. If you only have an XSD
document, then probably you can generate a WSDL dynamically for your ready
reference and testing purposes. You can refer to the link below for a WSDL generator.

http://www.theprogrammerfactory.com/

Once you have a sample WSDL generated by using the above kinds of tools, you
can test any web service the regular way, maybe again using SOAPUI. Or you
may suggest to us the best Web Service Security Testing Tool... :-)

You can also refer to Universal Testing Method of WebService:
http://searchsoftwarequality.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid92_gci1273738,00.html

Hope this information helps you. Thanks!


Regards
Sandeep Thakur

On Tue, Jul 6, 2010 at 10:45 AM, Ravi Gopal <[email protected]> wrote:

> Hi Folks,
>
> The Web Services pen-testing has to be carried out for an application where
> the WSDL is not accessible publicly i.e., the WSDL Scanning is ruled out.
> I have gone through different forums/docs etc but did not get proper
> information on how to do it for the scenario mentioned above (without WSDL
> file).
>
> So your valuable inputs are required for other ways of doing WebServices
> security assessment. A practical example based discussion would be more
> useful.
>
>
>
> Regards,
> Ravi Gopal
>
>  --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<nforceit%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.
>
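
The reply's suggestion of generating a WSDL when only an XSD is available, as an added example that is not part of the original messages and not the linked generator's code: it wraps a schema in a WSDL 1.1 skeleton that a test tool can import. Assumptions: operations are paired by an `<Op>Request`/`<Op>Response` naming convention, the binding is SOAP 1.1 document/literal, the endpoint is a placeholder local mock address, and the sample schema is constructed.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

XSD_NS = "http://www.w3.org/2001/XMLSchema"
NCNAME = re.compile(r"[A-Za-z_][\w.-]*\Z")  # names get interpolated into XML below
# Constructed sample schema (not from the thread).
SAMPLE_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    targetNamespace="urn:example:quotes">
  <xs:element name="GetQuoteRequest" type="xs:string"/>
  <xs:element name="GetQuoteResponse" type="xs:decimal"/>
  <xs:element name="AuditRecord" type="xs:string"/>
</xs:schema>"""

def operations(schema):
    """Pair top-level <Op>Request/<Op>Response elements (assumed naming convention)."""
    names = {n for e in schema.findall(f"{{{XSD_NS}}}element")
             if (n := e.get("name")) and NCNAME.match(n)}
    return sorted(n[:-7] for n in names if len(n) > 7
                  and n.endswith("Request") and n[:-7] + "Response" in names)

def xsd_to_wsdl(xsd_text, endpoint="http://localhost:8088/mock"):  # assumed endpoint
    if "<!DOCTYPE" in xsd_text:
        raise ValueError("DTDs refused: the schema file is untrusted input")
    schema = ET.fromstring(xsd_text)
    tns, ops = schema.get("targetNamespace"), operations(schema)
    if not tns or not ops:
        raise ValueError("need a targetNamespace and a Request/Response pair")
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xsd_text)  # embed the schema verbatim
    msgs = "".join(f'<wsdl:message name="{op}{k}"><wsdl:part name="body" '
                   f'element="tns:{op}{k}"/></wsdl:message>'
                   for op in ops for k in ("Request", "Response"))
    port_ops = "".join(
        f'<wsdl:operation name="{op}"><wsdl:input message="tns:{op}Request"/>'
        f'<wsdl:output message="tns:{op}Response"/></wsdl:operation>' for op in ops)
    lit = '<soap:body use="literal"/>'
    bind_ops = "".join(
        f'<wsdl:operation name="{op}"><soap:operation soapAction=""/><wsdl:input>{lit}'
        f'</wsdl:input><wsdl:output>{lit}</wsdl:output></wsdl:operation>' for op in ops)
    return ('<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" '
            'xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" '
            f'xmlns:tns={quoteattr(tns)} targetNamespace={quoteattr(tns)}>'
            f'<wsdl:types>{body}</wsdl:types>{msgs}'
            f'<wsdl:portType name="MockPortType">{port_ops}</wsdl:portType>'
            '<wsdl:binding name="MockBinding" type="tns:MockPortType"><soap:binding '
            f'style="document" transport="http://schemas.xmlsoap.org/soap/http"/>{bind_ops}'
            '</wsdl:binding><wsdl:service name="MockService"><wsdl:port name="MockPort" '
            f'binding="tns:MockBinding"><soap:address location={quoteattr(endpoint)}/>'
            '</wsdl:port></wsdl:service></wsdl:definitions>')
```

The unpaired `AuditRecord` element stays in the embedded schema but gets no operation, and a schema carrying a DTD is rejected before parsing.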
