Advertisment

Secure Web services with WSDigger

author-image
CIOL Bureau
Updated On
New Update

NEW DELHI: Intrusion Prevention and Security Risk Management firm McAfee's security services group Foundstone Professional Services, has announced the release of WSDigger, an open source tool that can help in identifying vulnerabilities in Web services implementations. Said an online report.

Advertisment

WSDigger uses the penetration testing approach and imitates a malicious user without internal knowledge of the code that drives the Web service. Operating as a Web service client it decides how-to interact with the Web service and prompts the user to make decisions. Its follows a four step process of service discovery, attack vector discovery, exploit testing, and analysis to accomplish its task.

Commenting on WSDigger, Kartik Trivedi, principal consultant for McAfee said that the tool is launched, to meet the strong interest for tools and services that can protect Web services. WSDigger 1.0 is an open source tool with sample attack plug-ins for SQL injection, cross-site scripting, and X-PATH injection attacks. Since it is open, users can write their own plug-ins and use it for their applications, Kartik informed.

WSDigger 1.0 and its source code can be downloaded from Foundstone's website at: www.foundstone.com/resources/freetools.htm .



tech-news