Web services are typically application programming interfaces (API) or Web APIs that are accessed via
Hypertext Transfer Protocol (HTTP) and executed on a remote system hosting the requested services. Web
services tend serve mainly two types of data. XML() and JSON. With the former using SOAP(Simple Object
Access Protocol) as its main source. As many of these services are either public or loosely authenticated
testing of these services is necessary as they allow hackers to retrieve and send data. As information is
shared via the Web API there are vulnerabilities that can allow hackers to insert xml or regular expressions
that can call themselves and create a DOS(denial of service) attack.
WebSafe will test for specific Web Services:
Our scanner will analyse XML responses, WSDL structure, syntax highlighting and regular expression searching.