
Service-Oriented Architecture ◾ 169
that can be leveraged to parse and test web services. One of the most useful tools is WS Digger by
McAfee Foundstone. You simply load the URL for the WSDL into the tool (Figure 13.5). Simply
selecting the service you wish to exploit will provide details on these data expected and will allow
for manual testing of the service’s response to the data (Figure 13.6). WS Digger provides the vul-
nerability analyst or penetration tester with not only the ability to parse out any control, but also
to feed the tool with input data for testing.
WSKnight is another WSDL enumeration tool that can make finding vulnerabil ...