Web Service and SOAP security papers

This week I spent time testing a new Web Service feature in our product IA that utilized SOAP headers. Testing started with scripting my typical functional, use, and boundary tests in SOATest and then wrapping up with my basic security tests (URL encoding, SQL Injection, Cross Site Scripting, etc). Before moving on I spent a bit of time perusing the Web for SOAP header security exploits to see if I could expand my security test suite for this particular feature. The search didn’t yield anything significant but I was re-reminded in my search of a few great papers on Web Service and SOAP security:


Leave a Reply

Your email address will not be published. Required fields are marked *