-
Notifications
You must be signed in to change notification settings - Fork 103
Test 9) Weak WS SecurityPolicy: Insecure Transport
Yalçın YOLALAN edited this page Mar 28, 2018
·
2 revisions
Vulnerability Type Static
Test Web Service URI http://[yourhostName]/InsecureTransport.wsdl
Vulnerable Code Block Http token is used instead of Https token in the following line:
<sp:HttpToken RequireClientCertificate="false" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
Indications of Vulnerability Static analysis reveals http token is used.
- Home
- Installation
- Usage
- Default Parameter Values
- Scope
- Donation
-
Testing Activities
- XML Bombs
- External Entity Attacks
- Insecure Communication
- Insufficient Authentication Test
- Cross Site Scripting
- SQL Injection
- XPATH Injection
- Verbose SOAP Fault Message
- Weak WS-SecurityPolicy: Insecure Transport
- Weak WS-SecurityPolicy: Insufficient Supporting Token Protection
- Weak WS-SecurityPolicy: Tokens Not Protected
- Weak XML Schema: Undefined Namespace
- Weak XML Schema: Unbounded Occurrences