Re: Tools to test web services

From: pak (pak_ml@btopenworld.com)
Date: Sat Apr 24 2004 - 13:57:14 EDT


Hi Rafael,

Thanks for the suggestion. The problem with FxCop is that it checks the
code, but I cannot use it as an automated tool to test a .NET implementation
of web services, so I cannot use it to verify how the application will behave
when I change schemas or sign a bad element or when I do not provide a valid
SAML assertion.

Cheers,

Pak76

----- Original Message -----
From: "Rosado, Rafael (Rafael)" <rarosado@lucent.com>
To: "pak" <pak_ml@btopenworld.com>
Cc: <pen-test@securityfocus.com>
Sent: Saturday, April 24, 2004 6:13 PM
Subject: RE: Tools to test web services

> PAK,
>
> There is a tool called FxCop which you might consider -
> http://www.gotdotnet.com/team/fxcop/
>
> "FxCop is a code analysis tool that checks .NET managed code assemblies
> for conformance to the Microsoft .NET Framework Design Guidelines. It uses
> reflection, MSIL parsing, and callgraph analysis to inspect assemblies for
> more than 200 defects in the following areas:
>
> Library design
> Localization
> Naming conventions
> Performance
> Security
>
> FxCop includes both GUI and command line versions of the tool, as well as
> an SDK to create custom rules."
>
> Good Luck!
>
> Rafael Rosado, CISSP, CISA
> Lucent IT Infrastructure Security
> Voice: 954-885-2176
> Fax: 954-885-3861
> Email: rarosado@lucent.com
>
> -----Original Message-----
> From: pak [mailto:pak_ml@btopenworld.com]
> Sent: Saturday, April 24, 2004 5:15 AM
> To: pen-test@securityfocus.com
> Subject: Tools to test web services
>
> Hi,
>
> I was asked to do penetration testing of web services built on the .NET
> Framework; therefore I'm looking for a tool that could test web services
> and adequately supports standards such as WS-Security, SAML,
> XML-Encryption, XML-Signature. So far the only thing I could do is to
> write such a tool on my own, but maybe there are tools out there
> (commercial and/or non-commercial), I'm not aware of, that can help me.
> Any help/suggestions/tools/papers on what and how to test are more than
> welcome.
>
> Cheers,
>
> Pak76
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT