When operating web applications, web services or using single sign-on procedures, particular attention must be paid to the security of the application. Is the application vulnerable to attacks? How secure is its configuration? Are cryptographic procedures used properly? How can the security level of the application be further increased?
A penetration test or security assessment can answer these questions and support the secure operation of your application.
XML-based SOAP Web Services are a widely used technology, which allows the users to execute remote operations and transport arbitrary data. It is currently adapted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, or millitary services. The wide adoption of this technology has resulted in an emergence of numerous - mostly complex - extension specifications. Naturally, this has been followed by a rise in large number of Web Services attacks. By implementing common web applications, the developers evaluate the security of their systems by applying different penetration testing tools. However, in comparison to the well-known attacks as SQL injection or Cross Site Scripting, there exist no penetration testing tools for Web Services specific attacks. With WS-Attacker we intend to close this gap and provide developers and penetration testers automatic methods for detecting Web Services specific attacks. The tool currently supports the following attacks:
- SOAPAction Spoofing
- WS-Addressing Spoofing
- Various XML Denial of Service variants
- XML Signature Wrapping
TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.
In addition, TLS-Attacker supports various known cryptographic attacks and their evaluations. This means you can simple check whether your server is vulnerable to padding oracle, invalid curve, or Bleichenbacher attacks. It has already allowed us to find vulnerabilities in major TLS libraries, including OpenSSL, Botan, or MatrixSSL.
EsPReSSO (Single Sign-On Extension for Burp Suite)
The Burp Suite Extension EsPReSSO helps in the detection of various Single Sign-On protocols. It supports SAML, OpenID, OAuth, BrowserId, OpenID Connect, Facebook Connect and Microsoft Account. EsPReSSO passively analyzes the HTTP traffic and automatically highlights Single Sign-On messages in the Burp Suite proxy.
In addition, EsPReSSO provides editors for SAML and JSON Web tokens allowing to edit them easily. In addition, XML Signature Wrapping attack vectors can be created for SAML using the built-in WS-Attacker library.
This tools covers Cross-Site Scripting (XSS) security issues with media-files containing metadata. Such data is usually created by trusted devices like cameras. Therefore, there is the chance that providers handling this metadata, also trust them and that they thus use insuffcient or no filter mechanisms.
We have developed an open-source pentesting tool called Metadata-Attacker. It consists of a suite of self-developed tools that allow to create malicious proof-of-concept image (.jpg), audio (.mp3), and video (.mp4) files.