Scanning a SOAP Web Service for Vulnerabilities – Security Boulevard

The Home of the Security Bloggers Network
Home » Security Bloggers Network » Scanning a SOAP Web Service for Vulnerabilities

APIs and web services may seem less popular than websites and web applications but that is not true. Already back in 2018, APIs were responsible for 83% of web traffic worldwide. Most complex applications are based on microservices and microservices are basically web applications communicating with one another using APIs. Web services and APIs are prone to the same vulnerabilities as web applications. Therefore, to keep them secure, you need to know how to scan them.
In this article, we will show you how to run an Acunetix scan for a SOAP web service with a WSDL file. You will learn how to:
In this part, you will learn how to:
Run the following commands from the MariaDB or MySQL root prompt:
Using nano, create a /var/www/hello/config.php file as follows:
Using nano, create a /var/www/hello/functions.php file as follows:
Using nano, create a /var/www/hello/hello_server.php file as follows:
Using nano, create a /var/www/hello/hello_client.php file as follows:
Using nano, create a /var/www/hello/hello.wsdl file as follows:
In this example, our web service is defined at https://siptesting.net/hello/hello.wsdl. To scan the web service with Acunetix:
Examine the list of vulnerabilities for your target

We shall concentrate on the cross-site scripting and SQL injection vulnerabilities for this exercise.


The root cause for this vulnerability lies inside this line inside the hello_client.php file:
The $emailaddr contains the unvalidated content of the user input field and this is being sent back to the browser, which means that the browser can be coerced to execute script code. We need to sanitize the contents of this variable before sending it to the browser, adjusting the code as follows:
A quick look at the hello_server.php file can reveal the root cause. The queries are built using string concatenation:
The $emailaddr variable is being simply concatenated to the query string without any validation. We need to adjust the code by parameterising the query string, ensuring that any parameters passed are correctly escaped and quote-encapsulated, disallowing further exploits. The new code snippets would look like this:
We can go to the list of vulnerabilities for the scan and select the vulnerabilities we have adjusted.

Now click on the Retest button — this will create a new scan to test the selected vulnerabilities again. The results will show that we have successfully resolved the vulnerabilities.

Get the latest content on web security
in your inbox each week.
Kevin Attard Compagno is a Technical Writer working for Acunetix. A technical writer, translator, and general IT buff for over 30 years, Kevin used to run Technical Support teams and create training documents and other material for in-house technical staff.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Kevin Attard Compagno. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/SZ1TZtSU74k/
More Webinars

source