July 19, 2011, 8:08 a.m.
posted by creed
Commercial tools are available that operate quite well in this space. In some cases the Web services functionality was built in as part of an entire enterprise approach; in other cases the tool is specifically for Web service testing.
WebInspect, covered in the following section, is an excellent example of a commercial product that pays specific attention to Web services.
One of the options within WebInspect, a product from S.P.I. Dynamics Incorporated, is to audit Web services. The tool gives you both options: manually probing services (via SOAP Editor) or fuzzing them automatically on your behalf. Figure should give you a good idea of what this tool does. It represents a finished scan using WebInspect’s automated functionality.
Its export options (for documentation) are excellent and are shown in Figure.
Here are two other commercial tools worth looking into:
eXamineXT by Kenai Systems (http://www.kenaisystems.com/prod_eXamineXT.php)
SOAtest by Parasoft (http://www.parasoft.com/jsp/products/home.jsp?product=SOAP)